Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

sophos

How AI-accelerated threat discovery is reshaping network security

May 7, 2026 By Barbara Hudson In Sophos
How AI-accelerated threat discovery is reshaping network security As vulnerabilities are discovered faster than ever, organizations must rethink how they reduce exposure and contain risk at the network edge. Claude Mythos Preview has reignited debate about AI-driven cyber attacks, but the real shift isn’t what AI finds, it’s how quickly issues at the network edge can turn into impact. This post explores what’s changed and how network security must adapt to keep up.
Read Post

The Hackers Who Left Their Entire Playbook Online

May 7, 2026 By Sophos In Sophos
A ransomware group called Warlock tore through more than 60 organisations in six months, targeting the nuclear energy, aerospace, and government sectors. They chain zero-days and neutralise antivirus software using signed Chinese drivers. This is how they operate and how the Sophos CTU tracked them across eleven incidents to expose their full playbook​
View Video
sophos

Proof-of-concept exploit available for Linux 'Copy Fail' vulnerability (CVE-2026-31431)

May 1, 2026 By Sophos Counter Threat Unit Research Team In Sophos
On April 29, 2026, details about the ‘Copy Fail’ vulnerability (CVE-2026-31431) were publicly disclosed. This high-severity (CVSS score of 7.8) privilege escalation vulnerability impacts Linux distributions shipped since 2017. It allows an unprivileged local user to obtain root-level access on affected Linux systems by corrupting the kernel’s in-memory page cache of a privileged binary.
Read Post
sophos

AI finds the vulnerabilities, but exploiting them is a different problem.

May 1, 2026 By Mark Loman In Sophos
AI finds the vulnerabilities, but exploiting them is a different problem. How Sophos Endpoint defends in the AI era, and what the public record on Mythos shows. When Mozilla shipped Firefox 150 with fixes for 271 issues identified by Anthropic’s Mythos model, the headlines focused on the count. The detail that mattered was further down: Mozilla credited only three CVEs to the model. The remaining 268 were classified as defense-in-depth, hardening, or bugs in code paths that could not be exploited.
Read Post
sophos

AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it.

May 1, 2026 By Sophos In Sophos
AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it. AI-generated zero-days are here. Sophos Endpoint was architected to stop exploits that have never been seen before — blocking the techniques every attack must use, at the moment of execution, with no signature, no cloud lookup, and no configuration required.
Read Post

Inside the Hidden VM: How Attackers Stay Undetected

Apr 29, 2026 By Sophos In Sophos
Threat actors are getting better at hiding in plain sight through using virtual environments to evade detection and deliver ransomware. New research from Sophos X-Ops reveals an increase in the abuse of QEMU, an open-source emulator, to conceal malicious activity inside virtual machines. While this technique isn’t new, its use for defense evasion is accelerating, making visibility and detection even more challenging for defenders.
View Video
sophos

'Mini Shai-Hulud' supply chain attack targets SAP npm packages

Apr 29, 2026 By Sophos Counter Threat Unit Research Team In Sophos
On April 29, 2026, security researchers detailed a campaign known as ‘mini Shai-Hulud’ that involves compromised versions of npm packages used in SAP’s Cloud Application Programming Model (CAP). The malicious packages reportedly contain functionality to steal sensitive data such as credentials. The stolen data is encrypted and exfiltrated via public GitHub repositories. The maintainers of known-compromised packages have released updated versions.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.