Online criminal forums, both on the public internet and on the “dark web” of Tor .onion sites, are a rich resource for threat intelligence researchers. The Sophos Counter Threat Unit (CTU) have a team of darkweb researchers collecting intelligence and interacting with darkweb forums, but combing through these posts is a time-consuming and resource-intensive task, … Read More
Jul 10, 2025Ravie LakshmananVulnerability / AI Security Cybersecurity researchers have discovered a critical vulnerability in the open-source mcp-remote project that could result in the execution of arbitrary operating system (OS) commands. The vulnerability, tracked as CVE-2025-6514, carries a CVSS score of 9.6 out of 10.0. “The vulnerability allows attackers to trigger arbitrary OS command execution … Read More
There’s no official word on what the problem is, but Ingram Micro’s website has been down since Thursday morning. They claim to be “currently experiencing technical difficulties…” Are you thinking what I’m thinking? I really hope I’m wrong, but it’s not at all unusual for … Read More
Authorities in the United Kingdom this week arrested four alleged members of “Scattered Spider,” a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer. Scattered Spider is the name given to an English-speaking cybercrime group known for using social engineering tactics to break into companies … Read More
Model Context Protocol (MCP) was created in late 2024 by OpenAI’s top competitor Anthropic. It was so good as a means for providing a standardized way to connect AI models to various data sources and tools that OpenAI adopted it as a standard, as have most other big AI players and all three hyperscalers. In … Read More
This week, we’re updating Sophos Central firewall management with a couple of important updates, including a new account health check feature and enhanced scalability and performance for partners managing large groups of customers. The new account health check capability provides a framework that will be expanded over time to perform a variety of helpful assessments … Read More
Jul 10, 2025Ravie LakshmananCryptocurrency / Cybercrime Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems. “These malicious operations impersonate AI, gaming, and Web3 firms using spoofed social media accounts and project … Read More
Well well well, in news that will shock absolutely no-one it has been confirmed that Ingram Micro was hit by ransomware. As I mentioned a couple of days ago, speculation swirled that the IT product distributor had suffered a cyber attack after its website went … Read More
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more … Read More
Aufgrund der sensiblen Informationen, die sie verarbeiten, sind EU-Institutionen ein attraktives Ziel für potenzielle Angreifer. symbiot – shutterstock.com Trotz neuer Initiativen der Europäischen Kommission zur Stärkung der Cybersicherheit bleibt die Sicherheitslage in vielen EU-Institutionen besorgniserregend. Schon 2022 warnte der Europäische Rechnungshof in einem Sonderbericht, dass das Schutzniveau nicht der tatsächlichen Bedrohungslage entspreche. Die EU-Kommission wurde … Read More