By Sophos X-Ops
A malicious VS Code extension led to cloned private repositories, reportedly offered for sale on a criminal forum
On May 19-20, 2026, GitHub confirmed a security incident affecting its own internal systems. A threat actor self-identifying as TeamPCP, also tracked as UNC6780, compromised an employee’s developer device by way of a malicious Visual Studio Code extension and used that foothold to clone roughly 3,800 of GitHub’s internal repositories.
By Chris McCormack
Sophos Firewall and Synchronized Security
Synchronized Security is a unique capability you won’t get anywhere else. If you look at what’s required to properly secure a modern network, it breaks down into three pillars: hardening, protection, and detection and response. Or another way to look at it: being equal parts proactive and reactive - or what you need to do before, during, and after an attack.
SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.
By Mohammed Zubair
Sophos X-Ops looks at the Atomic macOS Stealer and its capabilities
Sophos Managed Detection and Response (MDR) teams recently responded to a customer incident involving an infostealer infection on a macOS host. When we investigated, we found that the infostealer appeared to be a variant of AMOS (Atomic macOS), a well-known malware family we’ve written about before. The attack began with a ClickFix-style ruse, where a user was tricked into running a terminal command.
By Sophos
State of Identity Security 2026 report finds human error and poor non-human identity management are the root causes of most attacks, as agentic AI accelerates the risk.
By Mark Loman
Sophos Endpoint in action: Blocking a novel supply chain attack
How the unique anti-exploitation capabilities included with Sophos Endpoint blocked a supply chain attack. Sophos Endpoint is architected from the ground up to automatically block exploits, ransomware, and attacker techniques by default with zero manual tuning.
By Doug Aamoth
The State of Identity Security 2026: Identity is the new perimeter
Discover the causes and consequences of identity threats based on a survey of 5,000 organizations across 17 countries. In the modern cybersecurity landscape, the traditional network perimeter has dissolved. Today, identity is the perimeter, and it matters more every year. As organizations accelerate cloud adoption and integrate AI systems, the number of digital identities, both human and non-human, has grown exponentially.
By Ross McKerchar
Seven things security teams can start doing today to reduce risk.
By John Peterson
GPT-5.5-Cyber is here. What it means for defenders operating at the frontier.
OpenAI’s May 7 release of GPT-5.5 and the limited preview of GPT-5.5-Cyber put frontier AI in verified defenders’ hands. As a member of the Trusted Access for Cyber program, Sophos is using these models to sharpen what we already operate: an agentic SOC that resolves more than half of cases without a human, and an endpoint architecture purpose-built to stop AI-generated zero-days.
By Mark Loman
Ransomware: AI changes the writer. It doesn't change the math.
Why most endpoint protection still treats ransomware as just another piece of malware, and what changes when you watch the data instead of the attacker. In 2013, CryptoLocker introduced the modern ransomware playbook. It also introduced something most of the industry has still not come to terms with: remote encryption.
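The WantToCry summary above and this one describe the same pattern: the attacker reads files over SMB, encrypts them on a machine the victim does not control, and writes the ciphertext back, so no malware ever executes on the file server and "watching the data" is the only option. The script below is an added illustration, not Sophos code and not any vendor's detection logic. It runs over a constructed stand-in for an SMB audit log (the event format, client addresses, paths and the `.locked` rename extension are all made up for the example) and flags any remote client that reads files and overwrites them with high-entropy content in a short burst. The SHA-256 keystream used to produce the "ciphertext" is a stand-in for whatever cipher an attacker would actually use; only its byte statistics matter here.

```python
"""Spot SMB clients that read files and write high-entropy data back over them.

Added example, not Sophos X-Ops code. The events are a constructed stand-in for
a file server's SMB audit log. In remote encryption nothing runs on the server;
the signal is the read-then-overwrite burst and the entropy of the written bytes.
"""
from collections import defaultdict
from dataclasses import dataclass
import hashlib
import math


@dataclass
class SmbEvent:
    ts: float            # seconds since epoch (constructed)
    client: str          # remote SMB client address (constructed)
    op: str              # "read", "write" or "rename"
    path: str
    data: bytes = b""    # payload for "write"; empty otherwise
    new_path: str = ""   # target name for "rename"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for text, close to 8 for ciphertext."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def detect_remote_encryption(events, window=300.0, min_files=5, entropy_threshold=7.2):
    """Return {client: [paths]} for clients that, inside any `window`-second span,
    read at least `min_files` distinct files and overwrote each with high-entropy data."""
    reads = defaultdict(dict)  # client -> path -> time of last read
    hits = defaultdict(dict)   # client -> path -> time of suspicious overwrite
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.op == "read":
            reads[e.client][e.path] = e.ts
        elif e.op == "write":
            t_read = reads[e.client].get(e.path)
            if (t_read is not None and e.ts - t_read <= window
                    and shannon_entropy(e.data) >= entropy_threshold):
                hits[e.client][e.path] = e.ts
        elif e.op == "rename" and e.path in hits[e.client]:
            # Follow the overwritten file to its new name so the alert reports
            # what is actually on disk (the ransom extension, if one is used).
            hits[e.client][e.new_path] = hits[e.client].pop(e.path)

    alerts = {}
    for client, by_path in hits.items():
        times = sorted(by_path.values())
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:       # slide the window forward
                start += 1
            if end - start + 1 >= min_files:
                alerts[client] = sorted(by_path)
                break
    return alerts


def _keystream_xor(plaintext: bytes, key: bytes) -> bytes:
    """Constructed stand-in for attacker-side encryption: SHA-256 counter
    keystream XOR. It only has to yield ciphertext-like byte statistics."""
    out = bytearray()
    for off in range(0, len(plaintext), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(plaintext[off:off + 32], ks))
    return bytes(out)


# Constructed ~4 KB plaintext document.
_DOC = b"Q2 forecast: revenue up 4%, headcount flat, renew the SMB share audit.\n" * 60


def sample_events():
    """Constructed audit log: a backup agent, an analyst edit, and a remote encryptor."""
    ev = []
    for i in range(8):  # backup agent reads everything, writes nothing (benign)
        ev.append(SmbEvent(1000 + i, "10.0.0.20", "read", f"/finance/report{i}.docx"))
    ev.append(SmbEvent(1100, "10.0.0.30", "read", "/finance/report1.docx"))   # analyst edit,
    ev.append(SmbEvent(1105, "10.0.0.30", "write", "/finance/report1.docx",   # low entropy
                       _DOC + b"Edited.\n"))
    for i in range(6):  # external client: read, overwrite with ciphertext, rename
        t, p = 2000 + i * 15, f"/finance/report{i}.docx"
        ev.append(SmbEvent(t, "203.0.113.7", "read", p))
        ev.append(SmbEvent(t + 5, "203.0.113.7", "write", p,
                           _keystream_xor(_DOC, b"attacker-key-%d" % i)))
        ev.append(SmbEvent(t + 6, "203.0.113.7", "rename", p, new_path=p + ".locked"))
    return ev


if __name__ == "__main__":
    for client, paths in detect_remote_encryption(sample_events()).items():
        print(f"ALERT remote encryption from {client}: {len(paths)} files, e.g. {paths[0]}")
```

Two design points matter more than the thresholds. First, the detector keys on the SMB client, not on a process, because there is no process on the victim to key on. Second, it requires a read of the same path shortly before the high-entropy write; a client that only writes encrypted archives (a backup job) never satisfies that pairing, which keeps the benign clients in the sample silent.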
By Sophos
Use the Sophos Central Self Service Portal to perform daily email tasks without needing a network administrator, including managing quarantined messages, allowing or blocking senders, and leveraging the Emergency Inbox in the event of a service outage.
By Sophos
A step-by-step tutorial on using Config Studio to convert configurations from supported third-party firewalls and import them into Sophos Firewall. Learn how to review migration results, fix flagged issues, and complete the process with confidence. Ask questions and get expert answers in the Sophos Community.
By Sophos
A step-by-step tutorial showing you how to grant access to and configure the Sophos Central Self Service Portal (SSP) for end-users. This web interface allows end-users to perform daily tasks related to email management and more (depending on the configuration) without needing an administrator. Ask questions and get expert answers in the Sophos Community.
By Sophos
With the right planning and tools, migrating to Sophos Firewall is controlled and low risk. Take the next step with Sophos Firewall, a Secure by Design firewall built to simplify operations, reduce risk, and protect your network by default.
By Sophos
Sophos Email delivers enterprise-grade protection that keeps malicious messages out of user inboxes, elevates your defense against AI-powered adversaries, trains your employees to stay vigilant, and simplifies day-to-day security operations - all at a competitive price point.
By Sophos
A ransomware group called Warlock tore through more than 60 organisations in six months, targeting the nuclear energy, aerospace, and government sectors. They chain zero-days and neutralise antivirus software using signed Chinese drivers. This is how they operate and how the Sophos CTU tracked them across eleven incidents to expose their full playbook.
By Sophos
A step-by-step tutorial for integrating Active Directory in your Sophos Firewall. The steps are shown in SFOS v21, so the steps and user interface may vary slightly in later versions. Ask questions and get expert answers in the Sophos Community.
By Sophos
Getting a clear ROI on your security investment has never been easier. Get cyber insurance in minutes from leading global insurers that believe in Sophos MDR enough to enhance their insurance offerings for it.
By Sophos
The Sophos Security Services Retainer gives your organization flexible access to proactive security services, along with incident response coverage should a cyberattack happen.
By Sophos
Threat actors are getting better at hiding in plain sight through using virtual environments to evade detection and deliver ransomware. New research from Sophos X-Ops reveals an increase in the abuse of QEMU, an open-source emulator, to conceal malicious activity inside virtual machines. While this technique isn’t new, its use for defense evasion is accelerating, making visibility and detection even more challenging for defenders.
By Sophos
This white paper reveals the attack techniques most likely to drive high-impact incidents - and provides practical advice on how to stop them. By learning from real-world attacks, businesses can strengthen their resilience and meaningfully reduce their cyber risk.
By Sophos
369 IT and cybersecurity leaders reveal the ransomware realities for financial services providers today. The report examines how the causes and consequences of ransomware attacks on financial services providers have evolved over time. This year's edition also sheds light on previously unexplored areas, including the organizational factors that left providers exposed and the human toll ransomware takes on IT and cybersecurity teams in the financial services sector.
By Sophos
Security Operations Centers (SOCs) are essential for detecting and responding to cyber threats, but building the right model isn't one-size-fits-all. With talent shortages and rising threat complexity, many organizations are rethinking how to scale security operations. This guide breaks down the pros, cons, and trade-offs of in-house, hybrid, and outsourced SOC models. Find the SOC strategy that fits your needs, risk profile, and available resources.