Oxford, UK
1985
  |  By Sophos
AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it. AI-generated zero-days are here. Sophos Endpoint was architected to stop exploits that have never been seen before — blocking the techniques every attack must use, at the moment of execution, with no signature, no cloud lookup, and no configuration required.
On April 29, 2026, details about the ‘Copy Fail’ vulnerability (CVE-2026-31431) were publicly disclosed. This high-severity (CVSS score of 7.8) privilege escalation vulnerability impacts Linux distributions shipped since 2017. It allows an unprivileged local user to obtain root-level access on affected Linux systems by corrupting the kernel’s in-memory page cache of a privileged binary.
  |  By Mark Loman
AI finds the vulnerabilities, but exploiting them is a different problem. How Sophos Endpoint defends in the AI era, and what the public record on Mythos shows. When Mozilla shipped Firefox 150 with fixes for 271 issues identified by Anthropic’s Mythos model, the headlines focused on the count. The detail that mattered was further down: Mozilla credited only three CVEs to the model. The remaining 268 were classified as defense-in-depth, hardening, or bugs in code paths that could not be exploited.
On April 29, 2026, security researchers detailed a campaign known as ‘mini Shai-Hulud’ that involves compromised versions of npm packages used in SAP’s Cloud Application Programming Model (CAP). The malicious packages reportedly contain functionality to steal sensitive data such as credentials. The stolen data is encrypted and exfiltrated via public GitHub repositories. The maintainers of known-compromised packages have released updated versions.
  |  By Sophos X-Ops
Sophos X-Ops is aware of reports that two widely-used developer tools – the Checkmarx KICS security scanner and the Bitwarden CLI – were hijacked on April 22, 2026, to steal credentials from development environments. These attacks occurred within hours of each other and share the same command-and-control (C2) domain – potentially pointing to a single threat actor running a coordinated campaign. Both vendors have since reportedly contained the incidents.
  |  By Ross McKerchar
For decades, passwords have been the standard method for protecting access to systems and accounts. However, passwords can be compromised or stolen via tactics such as brute-force attacks, phishing attacks, and infostealer malware. The shift to multi-factor authentication (MFA) added another layer of security by requiring additional authentication to verify the user’s identity – some combination of something you know, own, or (in the case of biometrics) are.
  |  By Sophos
Sophos Firewall v22 MR1 is now available. Check out the full release notes for more details and a list of fixes. Sophos Firewall v22 bolstered Secure by Design, taking it to a whole new level with major updates to the architecture and new features like the Health Check to help identify high-risk configurations.
  |  By Morgan Demboski
Sophos analysts are investigating the active abuse of QEMU, an “open-source machine emulator and virtualizer,” by threat actors seeking to hide malicious activity within virtualized environments. Attackers are drawn to QEMU and more common hypervisor-based virtualization tools like Hyper-V, VirtualBox, and VMware because malicious activity within a virtual machine (VM) is essentially invisible to endpoint security controls and leaves little forensic evidence on the host itself.
  |  By Sophos
Secure by Design: Building cybersecurity into the foundation. An explainer of why this philosophy matters and how it reduces attack surface from the inside. Secure by Design is a software development philosophy that treats security as a foundational requirement rather than an afterthought.
  |  By Ross McKerchar
We can't control the pace of AI-driven vulnerability discovery, but we can control how fast we respond. Last week, Thomas Ptacek published a piece arguing that vulnerability research is cooked. His thesis: AI agents are about to drown us in a steady stream of validated, exploitable, high-severity vulnerabilities, faster than anyone can patch them. But from where I sit, the more urgent question isn't whether the flood is coming, but whether the infrastructure we depend on can absorb it.
  |  By Sophos
Getting a clear ROI on your security investment has never been easier. Get cyber insurance in minutes from top brand global companies who all believe in the power of Sophos MDR so much, they are willing to enhance their insurance offerings for it.
  |  By Sophos
The Sophos Security Services Retainer gives your organization flexible access to proactive security services, along with incident response coverage should a cyberattack happen.
  |  By Sophos
Threat actors are getting better at hiding in plain sight by using virtual environments to evade detection and deliver ransomware. New research from Sophos X-Ops reveals an increase in the abuse of QEMU, an open-source emulator, to conceal malicious activity inside virtual machines. While this technique isn’t new, its use for defense evasion is accelerating, making visibility and detection even more challenging for defenders.
  |  By Sophos
AI speed. Human judgment. Fully managed. Sophos MDR: the world's largest agentic SOC. Speak with an expert. Request a custom service proposal at Sophos.com/MDR.
  |  By Sophos
A step-by-step tutorial that shows you how to deploy Sophos Firewall in AWS. It covers choosing a license model, creating an EC2 SSH key pair, launching the CloudFormation stack, registering the firewall in Sophos Central, and completing the default certificate.
  |  By Sophos
An overview of the new Sophos Firewall Configuration Studio, the newest version of the Firewall Configuration Viewer. This standalone, browser-based tool converts firewall configurations into a clear, human-readable format, enhancing your viewing, auditing, documentation, and comparison capabilities. All data is processed locally, so your information remains 100% private. Ask questions and get expert answers in the Sophos Community.
  |  By Sophos
Sophos enhances the Microsoft environments your customers already trust — helping you deliver stronger outcomes, clearer value, and a more defensible service offering. If you’re ready to build a more profitable and scalable Microsoft security practice, let’s talk.
  |  By Sophos
A step-by-step tutorial showing you how to use a federated identity provider (IDP) to enforce access to critical resources only through Sophos Protected Browser. The optional step to enforce the use of Protected Browser via Sophos Endpoint is also shown. Note: Microsoft Entra ID is used as the IDP in this Techvid. Ask questions and get expert answers in the Sophos Community.
  |  By Sophos
An overview of the Sophos Support Portal. Explore the available self-service resources, learn how to use Live Chat, create a Technical Support case, and more. Ask questions and get expert answers in the Sophos Community.
  |  By Sophos
An overview of the Sophos Support Portal. Explore the available self-service resources, learn how to use Live Chat, create a Technical Support case, and much more. Ask questions and get expert answers in the Sophos Community.
  |  By Sophos
This white paper reveals the attack techniques most likely to drive high-impact incidents - and provides practical advice on how to stop them. By learning from real-world attacks, businesses can strengthen their resilience and meaningfully reduce their cyber risk.
  |  By Sophos
369 IT and cybersecurity leaders reveal the ransomware realities for financial services providers today. The report examines how the causes and consequences of ransomware attacks on financial services providers have evolved over time. This year's edition also sheds light on previously unexplored areas, including the organizational factors that left providers exposed and the human toll ransomware takes on IT and cybersecurity teams in the financial services sector.
  |  By Sophos
Security Operations Centers (SOCs) are essential for detecting and responding to cyber threats, but building the right model isn't one-size-fits-all. With talent shortages and rising threat complexity, many organizations are rethinking how to scale security operations. This guide breaks down the pros, cons, and trade-offs of in-house, hybrid, and outsourced SOC models. Find the SOC strategy that fits your needs, risk profile, and available resources.

Sophos unites unmatched threat intelligence, adaptive AI, and human expertise in an open platform to stop attacks before they strike — giving you the clarity and confidence to stay ahead of every threat.

Sophos delivers adaptive, AI-powered cybersecurity — backed by real experts — so organizations can stay secure, resilient, and free to grow without compromise.

Sophos advantage in cybersecurity:

  • Prevention: Sophos’ approach blocks more threats upfront to minimize risk and reduce investigation and response time.
  • Trust: The only vendor named Gartner® Customers’ choice for endpoint, firewalls, mobile threats, and MDR, with 600K+ customers worldwide.
  • Platform: Sophos products include 100+ integrations with other third-party solutions, plus services that are highly customizable to your needs.

Take Control of Every Threat