Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code.

No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements Organizations today operate under a substantial number of IT and cybersecurity compliance obligations.

Sophos named a 2026 Gartner Peer Insights Customers' Choice for Managed Detection and Response Third consecutive time being named a Customers’ Choice for MDR Sophos has been named a 2026 Gartner Peer Insights Customers' Choice in the 2026 Gartner Peer Insights Voice of the Customer for Managed Detection and Response (MDR).

Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS). Threat intelligence is a cornerstone of effective cyber defenses. The higher the quality of intelligence, the faster security teams can detect, investigate, and block malicious activities.

Only 5% of organizations fully trust their cybersecurity providers. Let’s do better. In our industry, trust isn't an abstract concept. It’s the currency of cybersecurity – the foundation of every partnership we build and every protection we provide. However, a recent independent, vendor-agnostic survey of 5,000 cybersecurity decision-makers across 17 countries reveals a stark reality: we’re facing a trust crisis.

New Sophos survey reveals only 5% of IT leaders say they fully trust their cybersecurity vendors When organizations select a cybersecurity vendor, they’re placing critical operational resilience — people, data, and revenue — into that supplier’s hands. Yet despite this reliance, most organizations lack confidence in the vendors they depend on to keep them secure, according to new Sophos research.

On March 30, 2026, a supply chain security attack targeted Axios, a widely used JavaScript HTTP client for web and Node.js applications. Third-party researchers identified that Axios versions 1.14.1 and 0.30.4 published to the npm registry were compromised following the apparent takeover of a legitimate maintainer account. An attacker published unauthorized package updates that appeared legitimate.