Sophos released its Annual Threat Report 2025: Cybercrime on Main Street, which sheds light on the biggest security threats small and medium-sized businesses faced in 2024, including ransomware as biggest threat. Compromised network edge devices—firewalls, virtual private network appliances, and other access devices—account for a quarter of the initial compromises of businesses in cases that…
In an eleventh-hour move, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) ensured that the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs did not lapse. The move will ensure that the MITRE Corporation will continue operating the CVE program for at least another 11 months after federal cybersecurity officials confirmed that they temporarily…
UnitedHealth Group is demanding that healthcare providers repay the loans they received from the company after a cyberattack at its tech unit Change Healthcare last year, according to two providers on Friday. The largest U.S. health insurance company loaned out $9 billion to providers who had been struggling after the massive ransomware attack in February…
SonicWall has issued a security advisory disclosing three newly identified vulnerabilities in its NetExtender Windows client, a popular VPN tool used by organizations for secure remote access to internal networks. SonicWall outlined three distinct vulnerabilities affecting NetExtender for Windows versions 10.3.1 and earlier: CVE-2025-23008 — Improper Privilege Management (CVSS 7.2) This high-severity flaw allows a low-privileged attacker…
DDoS attacks are precision-guided digital weapons as DDoS-for-hire services, AI and powerful botnets drive onslaught of attacks Threat Intelligence Report, revealing how Distributed Denial of Service (DDoS) attacks have become a dominant means of waging cyberwarfare linked to sociopolitical events such as elections, civil protests, and policy disputes. The findings show how attackers exploit moments…
Sebi has extended the deadline for regulated entities to adopt a cybersecurity framework to June 2025, citing requests for more time. The framework aims to enhance cyber resilience. The decision follows feedback from stakeholders requesting more time to adapt to the Industry Standards, which outline the minimum information required for review by audit committees and…
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India’s public sector postal system as part of a campaign. This is designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence…
Microsoft has expanded its AI-driven Security Copilot with six proprietary AI agents to help security teams. The company is also working with partners to add five more third-party agents into the mix. The security agents will be available for preview next month. They are designed to autonomously triage and process phishing alerts, data loss alerts, prioritize critical incidents,…
CrowdStrike collaborates with Nvidia to advance agentic AI in cybersecurity operations The pair are advancing agentic AI in cybersecurity, testing Nvidia’s reasoning models to automate detection and enhance SOC efficiency CrowdStrike has announced it is collaborating with Nvidia to drive agentic AI innovation in its cybersecurity solutions for businesses. The pair will also test and pioneer…
Rapid7 announced plans for expansion in India, including the opening of a new Global Capability Center (GCC) in Pune to serve as an innovation hub and Security Operations Center (SOC). In addition, the company announced a series of in-region events to engage with government, education, and talent stakeholders on Rapid7’s commitment to enable customers to…
