On April 29, 2026, security researchers detailed a campaign known as ‘mini Shai-Hulud’ that involves compromised versions of npm packages used in SAP’s Cloud Application Programming Model (CAP). The malicious packages reportedly contain functionality to steal sensitive data such as credentials. The stolen data is encrypted and exfiltrated via public GitHub repositories. The maintainers of known-compromised packages have released updated versions.
By Sophos X-Ops
Sophos X-Ops is aware of reports that two widely used developer tools – the Checkmarx KICS security scanner and the Bitwarden CLI – were hijacked on April 22, 2026, to steal credentials from development environments. These attacks occurred within hours of each other and share the same command-and-control (C2) domain – potentially pointing to a single threat actor running a coordinated campaign. Both vendors have since reportedly contained the incidents.
By Ross McKerchar
For decades, passwords have been the standard method for protecting access to systems and accounts. However, passwords can be compromised or stolen via tactics such as brute-force attacks, phishing attacks, and infostealer malware. The shift to multi-factor authentication (MFA) added another layer of security by requiring additional authentication to verify the user’s identity – some combination of something you know, own, or (in the case of biometrics) are.
By Sophos
Sophos Firewall v22 MR1 is now available. Check out the full release notes for more details and a list of fixes. Sophos Firewall v22 bolstered Secure by Design, taking it to a whole new level with major updates to the architecture and new features like the Health Check to help identify high-risk configurations.
By Morgan Demboski
Sophos analysts are investigating the active abuse of QEMU, an “open-source machine emulator and virtualizer,” by threat actors seeking to hide malicious activity within virtualized environments. Attackers are drawn to QEMU and more common hypervisor-based virtualization tools like Hyper-V, VirtualBox, and VMware because malicious activity within a virtual machine (VM) is essentially invisible to endpoint security controls and leaves little forensic evidence on the host itself.
By Sophos
Secure by Design: Building cybersecurity into the foundation. An explainer of why this philosophy matters and how it reduces attack surface from the inside. Secure by Design is a software development philosophy that treats security as a foundational requirement rather than an afterthought.
By Ross McKerchar
We can't control the pace of AI-driven vulnerability discovery, but we can control how fast we respond. Last week, Thomas Ptacek published a piece arguing that vulnerability research is cooked. His thesis: AI agents are about to drown us in a steady stream of validated, exploitable, high-severity vulnerabilities, faster than anyone can patch them. But from where I sit, the more urgent question isn't whether the flood is coming, but whether the infrastructure we depend on can absorb it.
By Ross McKerchar
Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks. In my previous article on OpenClaw I wrote: “Even the most ‘risk-on’ organizations with deep AI and security experience, will likely find it challenging to configure OpenClaw in a way that effectively mitigates the risk of compromise or data loss, while still retaining any productivity value.” The Red Team here at Sophos took that as ‘challenge accepted’, s
On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code.
By Sophos
No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements. Organizations today operate under a substantial number of IT and cybersecurity compliance obligations.
By Sophos
Threat actors are getting better at hiding in plain sight by using virtual environments to evade detection and deliver ransomware. New research from Sophos X-Ops reveals an increase in the abuse of QEMU, an open-source emulator, to conceal malicious activity inside virtual machines. While this technique isn’t new, its use for defense evasion is accelerating, making visibility and detection even more challenging for defenders.
By Sophos
AI speed. Human judgment. Fully managed. Sophos MDR: the world's largest agentic SOC. Speak with an expert. Request a custom service proposal at Sophos.com/MDR.
By Sophos
A step-by-step tutorial that shows you how to deploy Sophos Firewall in AWS. It covers choosing a license model, creating an EC2 SSH key pair, launching the CloudFormation stack, registering the firewall in Sophos Central, and completing the default certificate.
By Sophos
An overview of the new Sophos Firewall Configuration Studio, the newest version of the Firewall Configuration Viewer. This standalone, browser-based tool converts firewall configurations into a clear, human-readable format, enhancing your viewing, auditing, documentation, and comparison capabilities. All data is processed locally, so your information remains 100% private. Ask questions and get expert answers in the Sophos Community.
By Sophos
Sophos enhances the Microsoft environments your customers already trust — helping you deliver stronger outcomes, clearer value, and a more defensible service offering. If you’re ready to build a more profitable and scalable Microsoft security practice, let’s talk.
By Sophos
A step-by-step tutorial showing you how to use a federated identity provider (IDP) to enforce access to critical resources only through Sophos Protected Browser. The optional step to enforce the use of Protected Browser via Sophos Endpoint is also shown. Note: Microsoft Entra ID is used as the IDP in this Techvid. Ask questions and get expert answers in the Sophos Community.
By Sophos
An overview of the Sophos Support Portal. Explore the available self-service resources, learn how to use Live Chat, create a Technical Support case, and more. Ask questions and get expert answers in the Sophos Community.
By Sophos
We went live to break down insights from 661 real‑world incidents remediated by Sophos X‑Ops, as detailed in the Sophos Active Adversary Report 2026. Host Susie Evershed and Sophos Senior Incident Response Analyst Hilary Wood unpacked the key trends shaping today’s threat landscape, including the continued dominance of identity‑driven attacks and the prevention steps that still made the biggest difference.
By Sophos
An overview of the new Sophos Firewall Configuration Viewer - a standalone, browser-based tool that converts firewall configurations into a clear, human-readable format, enhancing your viewing, auditing, documentation, and comparison capabilities. All data is processed locally, so your information remains 100% private. Ask questions and get expert answers in the Sophos Community.
By Sophos
This white paper reveals the attack techniques most likely to drive high-impact incidents - and provides practical advice on how to stop them. By learning from real-world attacks, businesses can strengthen their resilience and meaningfully reduce their cyber risk.
By Sophos
369 IT and cybersecurity leaders reveal the ransomware realities for financial services providers today. The report examines how the causes and consequences of ransomware attacks on financial services providers have evolved over time. This year's edition also sheds light on previously unexplored areas, including the organizational factors that left providers exposed and the human toll ransomware takes on IT and cybersecurity teams in the financial services sector.
By Sophos
Security Operations Centers (SOCs) are essential for detecting and responding to cyber threats, but building the right model isn't one-size-fits-all. With talent shortages and rising threat complexity, many organizations are rethinking how to scale security operations. This guide breaks down the pros, cons, and trade-offs of in-house, hybrid, and outsourced SOC models. Find the SOC strategy that fits your needs, risk profile, and available resources.

Sophos unites unmatched threat intelligence, adaptive AI, and human expertise in an open platform to stop attacks before they strike — giving you the clarity and confidence to stay ahead of every threat.

Sophos delivers adaptive, AI-powered cybersecurity — backed by real experts — so organizations can stay secure, resilient, and free to grow without compromise.

Sophos advantage in cybersecurity:

  • Prevention: Sophos’ approach blocks more threats upfront to minimize risk and reduce investigation and response time.
  • Trust: The only vendor named Gartner® Customers’ choice for endpoint, firewalls, mobile threats, and MDR, with 600K+ customers worldwide.
  • Platform: Sophos products include 100+ integrations with other third-party solutions, plus services that are highly customizable to your needs.

Take Control of Every Threat