Ransomware activity peaks outside business hours
Intrusions continue to center on credential access and timed execution outside standard business hours. The Sophos Active Adversary Report 2026 analyzes 661 incident response …
Sophos expands security stack to govern apps, data, and AI in hybrid work
Sophos has announced Sophos Workspace Protection, expanding its portfolio to help organizations secure hybrid work and govern the use of emerging technologies, including AI. …
Ransomware’s new playbook is chaos
Ransomware threats are accelerating in scale, sophistication, and impact. Data reveals how evolving techniques, shifting payment trends, and AI-driven capabilities are …
Manufacturing is becoming a test bed for ransomware shifts
Manufacturing leaders may feel that ransomware risk has settled, but new data shows the threat is shifting in ways that require attention, according to a Sophos report. A …
Sophos adds Intelix threat intelligence to Microsoft Security and 365 Copilot
Sophos announced the general availability of new integrations that connect Sophos Intelix, its cyber threat intelligence repository, with Microsoft Security Copilot and …
Retailers are learning to say no to ransom demands
Ransomware remains one of the biggest operational risks for retailers, but the latest data shows a shift in how these attacks unfold. Fewer incidents now lead to data …
Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287)
Attackers have been spotted exploiting the recently patched WSUS vulnerability (CVE-2025-59287) to deploy infostealer malware on unpatched Windows servers. An out-of-band …
Sophos ITDR enhances identity security with dark web monitoring and automated response
Sophos has launched Sophos Identity Threat Detection and Response (ITDR), a new solution for Sophos XDR and Sophos MDR that continuously monitors customer environments for …
Legit tools, illicit uses: Velociraptor, Nezha turned against victims
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the …
ScreenConnect admins targeted with spoofed login alerts
ScreenConnect cloud administrators across all region and industries are being targeted with fake email alerts warning about a potentially suspicious login event. The goal of …
Companies negotiate their way to lower ransom payments
Nearly 50% of companies paid the ransom to recover their data, the second-highest rate in six years, according to Sophos. How actual payments stack up with the initial demand …
Attackers hit MSP, use its RMM software to deliver ransomware to clients
A threat actor wielding the DragonForce ransomware has compromised an unnamed managed service provider (MSP) and pushed the malware onto its client organizations via …