Southeast Asian Scam Centers Face More Financial Sanctions
Firms cooperating with cybercrime syndicates in Burma and Cambodia face sanctions by the US government and enforcement actions by China, but the scams continue to grow.
Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper…
SAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA Flaws
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below – CVE-2025-42944 (CVSS score: 10.0) – A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a…
EoP Flaws Again Lead Microsoft Patch Day
Nearly half the CVEs Microsoft disclosed in its September security update, including one publicly known bug, enable escalation of privileges.
Is the Browser Becoming the New Endpoint?
While the jury is still out, it’s clear that use has skyrocketed and security needs to align.
Qantas Reduces Executive Pay Following Cyberattack
The data breach, which occurred earlier this year, saw threat actors compromise a third-party platform to obtain Qantas customers’ personal information.
Huge NPM Supply-Chain Attack Goes Out With Whimper
Threat actors phished Qix’s NPM account, then used their access to publish poisoned versions of 18 popular open-source packages accounting for more than 2 billion weekly downloads.
Salty2FA Takes Phishing Kits to Enterprise Level
Cybercriminal operations use the same strategy and planning as legitimate organizations as they arm adversarial phishing kits with advanced features.
New enhancements to the Sophos AI Assistant
It isn’t just another AI tool — it’s expertise from the team behind the world’s leading MDR service.
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft’s Direct Send feature to form a “highly efficient attack pipeline” in recent phishing campaigns, according to new findings from ReliaQuest. “Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined,”…