We Gave OpenClaw Red Team Tools (It Found Domain Admin)

Our Red Team handed OpenClaw a penetration testing toolkit and pointed it at one of our own legacy Active Directory networks. 23 findings across 11 attack paths... But the findings aren't the interesting part. What's interesting is how it got there. Work that takes our human team three days took the agent three hours. Mid-assessment, it hit a wall, reasoned about its own limitations, and proposed spinning up an EC2 GPU instance to crack a password hash. Nobody told it to.

GitHub internal repositories breached

A malicious VS Code extension led to cloned private repositories, reportedly offered for sale on a criminal forum. On May 19-20, 2026, GitHub confirmed a security incident affecting its own internal systems. A threat actor self-identifying as TeamPCP, also tracked as UNC6780, compromised an employee’s developer device by way of a malicious Visual Studio Code extension and used that foothold to clone roughly 3,800 of GitHub’s internal repositories.

Sophos Firewall and Synchronized Security

Synchronized Security is a unique capability you won’t get anywhere else. If you look at what’s required to properly secure a modern network, it breaks down into three pillars: hardening, protection, and detection and response. Or another way to look at it: being equal parts proactive and reactive - or what you need to do before, during, and after an attack.

WantToCry ransomware remotely encrypts files

SophosLabs analysts investigated WantToCry ransomware attacks that involved the threat actors abusing the Server Message Block (SMB) service for initial access and then exfiltrating files to attacker-controlled infrastructure for remote encryption. The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk.

Sophos Firewall Config Studio: Migrate to Sophos Firewall

A step-by-step tutorial on using Config Studio to convert configurations from supported third-party firewalls and import them into Sophos Firewall. Learn how to review migration results, fix flagged issues, and complete the process with confidence. Ask questions and get expert answers in the Sophos Community.

Sophos Email: Configure Self Service Portal for end-users

A step-by-step tutorial showing you how to grant access to and configure the Sophos Central Self Service Portal (SSP) for end-users. This web interface allows end-users to perform daily tasks related to email management and more (depending on the configuration) without the need of an administrator. Ask questions and get expert answers in the Sophos Community.