Sorry

This feed does not validate.

In addition, interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: https://feeds.feedburner.com/sophos/dgdY

  1. <?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
  2. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  3. xmlns:wfw="http://wellformedweb.org/CommentAPI/"
  4. xmlns:dc="http://purl.org/dc/elements/1.1/"
  5. xmlns:atom="http://www.w3.org/2005/Atom"
  6. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  7. xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
  8. xmlns:georss="http://www.georss.org/georss"
  9. xmlns:geo="http://www.w3.org/2003/01/geo/wgs84_pos#"
  10. xmlns:media="http://search.yahoo.com/mrss/"
  11. >
  <!-- RSS 2.0 root element. Its start tag declares nine extension namespaces
       (content, wfw, dc, atom, sy, slash, georss, geo, media). The XML declaration
       is followed directly by the root, so there is no DOCTYPE and the document
       defines no entities of its own; a consumer can still parse it with DTD and
       external-entity processing switched off. -->
  12.  
  13. <channel>
  14. <title>Sophos News</title>
  <!-- NOTE(review): the rel="self" link names news.sophos.com, while this listing was
       retrieved from the feeds.feedburner.com address given as "Source" at the top of
       the page. Presumably the FeedBurner copy proxies the origin feed; confirm which
       address subscribers are meant to trust. -->
  15. <atom:link href="https://news.sophos.com/en-us/feed/" rel="self" type="application/rss+xml" />
  16. <link>https://news.sophos.com/en-us/</link>
  17. <description>The Sophos Blog</description>
  18. <lastBuildDate>Wed, 12 Feb 2025 22:06:36 +0000</lastBuildDate>
  19. <language>en-US</language>
  <!-- Syndication hints: period "hourly", frequency 1. Both values are written with a
       leading line break and a trailing space, so a consumer has to trim the text
       before comparing or converting it. -->
  20. <sy:updatePeriod>
  21. hourly </sy:updatePeriod>
  22. <sy:updateFrequency>
  23. 1 </sy:updateFrequency>
  <!-- The generator URL carries the publishing software's version (v=6.7.2) in its
       query string, so every subscriber can read which release produced the feed.
       Whether to publish that detail is a hardening decision for the site owner. -->
  24. <generator>https://wordpress.org/?v=6.7.2</generator>
  25.  
  <!-- Channel icon, declared as 32 by 32; the w=32 query parameter on the image URL
       asks for the same width. -->
  26. <image>
  27. <url>https://news.sophos.com/wp-content/uploads/2020/01/cropped-sophos.png?w=32</url>
  28. <title>Sophos News</title>
  29. <link>https://news.sophos.com/en-us/</link>
  30. <width>32</width>
  31. <height>32</height>
  32. </image>
  <!-- The next line closes the channel metadata with a <site> element whose namespace
       (com-wordpress:feed-additions:1) is declared inline on the element, and opens the
       first <item> on the same line. This item is a product announcement. -->
  33. <site xmlns="com-wordpress:feed-additions:1">166161023</site> <item>
  34. <title>Turbocharge your network with our new 10-gigabit switch</title>
  35. <link>https://news.sophos.com/en-us/2025/02/12/turbocharge-your-network-with-our-new-10-gigabit-switch/</link>
  36. <comments>https://news.sophos.com/en-us/2025/02/12/turbocharge-your-network-with-our-new-10-gigabit-switch/?noamp=mobile#respond</comments>
  <!-- dc:creator, category and description are wrapped in CDATA, which is why the & in
       "Products & Services" appears unescaped. After parsing they are plain text and
       must be escaped again before being written into an HTML page. -->
  37. <dc:creator><![CDATA[Barbara Hudson]]></dc:creator>
  38. <pubDate>Wed, 12 Feb 2025 13:57:50 +0000</pubDate>
  39. <category><![CDATA[Products & Services]]></category>
  40. <category><![CDATA[network]]></category>
  41. <category><![CDATA[Switch]]></category>
  <!-- isPermaLink="false": the guid is an identifier, not a link to follow. Its ?p=959719
       value matches the post-id element further down in this item. -->
  42. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959719</guid>
  43.  
  44. <description><![CDATA[The perfect way to keep pace with the most data-intensive applications.]]></description>
  45. <wfw:commentRss>https://news.sophos.com/en-us/2025/02/12/turbocharge-your-network-with-our-new-10-gigabit-switch/feed/</wfw:commentRss>
  46. <slash:comments>0</slash:comments>
  <!-- Three references to the same Hero.png: a cropped variant (w=230, h=130, crop=1, with
       the ampersands written as the numeric reference &#38;), a thumbnail, and the full image. -->
  47. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/Hero.png?w=230&#38;h=130&#38;crop=1" medium="image" alt="CS1010-8FP" />
  48. <post-id xmlns="com-wordpress:feed-additions:1">959719</post-id>
  49. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/02/Hero.png" alt="CS1010-8FP" />
  50. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/Hero.png" medium="image" alt="CS1010-8FP">
  <!-- type="html" marks the title as possibly holding entity-encoded HTML.
       NOTE(review): a reader should sanitize it before rendering instead of inserting it as markup. -->
  51. <media:title type="html">CS1010-8FP</media:title>
  52. </media:content>
  53. </item>
  <!-- Item: the February 2025 Patch Tuesday article, filed under Threat Research.
       Text fields are CDATA-wrapped and become plain text after parsing. -->
  54. <item>
  55. <title>February Patch Tuesday delivers 57 packages</title>
  56. <link>https://news.sophos.com/en-us/2025/02/11/february-patch-tuesday-delivers-57-packages/</link>
  57. <comments>https://news.sophos.com/en-us/2025/02/11/february-patch-tuesday-delivers-57-packages/?noamp=mobile#respond</comments>
  58. <dc:creator><![CDATA[Angela Gunn]]></dc:creator>
  59. <pubDate>Tue, 11 Feb 2025 20:17:34 +0000</pubDate>
  60. <category><![CDATA[Threat Research]]></category>
  61. <category><![CDATA[featured]]></category>
  62. <category><![CDATA[Microsoft]]></category>
  63. <category><![CDATA[Patch Tuesday]]></category>
  <!-- The guid is an identifier only (isPermaLink="false"); its ?p=959730 value matches
       the post-id element below. -->
  64. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959730</guid>
  65.  
  <!-- The description contains a literal right single quotation mark (U+2019), so the
       document must be read as the UTF-8 its declaration states. -->
  66. <description><![CDATA[After January’s deluge, a calmer update volume returns]]></description>
  67. <wfw:commentRss>https://news.sophos.com/en-us/2025/02/11/february-patch-tuesday-delivers-57-packages/feed/</wfw:commentRss>
  68. <slash:comments>0</slash:comments>
  <!-- Lead image in three forms (cropped, thumbnail, full), each with an empty alt value;
       the full-size entry is self-closing and has no media:title child. -->
  69. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/shutterstock_594142787.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  70. <post-id xmlns="com-wordpress:feed-additions:1">959730</post-id>
  71. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/02/shutterstock_594142787.jpg" alt="" />
  72. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/shutterstock_594142787.jpg" medium="image" alt="" />
  73.  
  <!-- Three article figures follow. In each, the alt attribute and the media:title text
       are the same string. The titles are typed "html"; NOTE(review): treat them as
       untrusted markup and sanitize before display. -->
  74. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/pt2502-figure01.png" medium="image" alt="A bar chart showing distribution of February 2025 Patch Tuesday releases arranged by impact, as detailed in text.">
  75. <media:title type="html">A bar chart showing distribution of February 2025 Patch Tuesday releases arranged by impact, as detailed in text.</media:title>
  76. </media:content>
  77.  
  78. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/pt2502-figure02.png" medium="image" alt="A bar chart showing distribution of February 2025 patches by affected product family, as shown in text">
  79. <media:title type="html">A bar chart showing distribution of February 2025 patches by affected product family, as shown in text</media:title>
  80. </media:content>
  81.  
  82. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/pt2502-figure03.png" medium="image" alt="A bar chart showing the distribution of 2025 patches arranged by impact, as covered in text">
  83. <media:title type="html">A bar chart showing the distribution of 2025 patches arranged by impact, as covered in text</media:title>
  84. </media:content>
  85. </item>
  <!-- Item: product article on the AI Assistant in Sophos XDR, with nine category tags. -->
  86. <item>
  87. <title>Sophos AI Assistant: Accelerating security operations with GenAI</title>
  88. <link>https://news.sophos.com/en-us/2025/02/11/sophos-ai-assistant-accelerating-security-operations-with-genai/</link>
  89. <comments>https://news.sophos.com/en-us/2025/02/11/sophos-ai-assistant-accelerating-security-operations-with-genai/?noamp=mobile#respond</comments>
  <!-- NOTE(review): this creator value is a single lowercase token, where the other
       items in this feed show a spaced first and last name. It may be an account
       name rather than a display name; if so, the feed publishes a login identifier.
       Confirm with the site owner. -->
  90. <dc:creator><![CDATA[rajansanhotra]]></dc:creator>
  91. <pubDate>Tue, 11 Feb 2025 14:37:16 +0000</pubDate>
  92. <category><![CDATA[Products & Services]]></category>
  93. <category><![CDATA[AI]]></category>
  94. <category><![CDATA[artificial intelligence]]></category>
  95. <category><![CDATA[Extended Detection and Response]]></category>
  96. <category><![CDATA[featured]]></category>
  97. <category><![CDATA[gen ai]]></category>
  98. <category><![CDATA[Generative AI]]></category>
  99. <category><![CDATA[Security Operations]]></category>
  100. <category><![CDATA[XDR]]></category>
  <!-- Identifier only (isPermaLink="false"); ?p=959705 matches the post-id element below. -->
  101. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959705</guid>
  102.  
  103. <description><![CDATA[Introducing the powerful new AI Assistant in Sophos XDR. Crafted by experts, created for everyone.]]></description>
  104. <wfw:commentRss>https://news.sophos.com/en-us/2025/02/11/sophos-ai-assistant-accelerating-security-operations-with-genai/feed/</wfw:commentRss>
  105. <slash:comments>0</slash:comments>
  <!-- One image in three forms (cropped, thumbnail, full). The alt text and the
       media:title repeat the item title. The title is typed "html", so a reader
       should sanitize it before rendering. -->
  106. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/AI-Assistant-1.png?w=230&#38;h=130&#38;crop=1" medium="image" alt="Sophos AI Assistant: Accelerating security operations with GenAI" />
  107. <post-id xmlns="com-wordpress:feed-additions:1">959705</post-id>
  108. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/02/AI-Assistant-1.png" alt="Sophos AI Assistant: Accelerating security operations with GenAI" />
  109. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/AI-Assistant-1.png" medium="image" alt="Sophos AI Assistant: Accelerating security operations with GenAI">
  110. <media:title type="html">Sophos AI Assistant: Accelerating security operations with GenAI</media:title>
  111. </media:content>
  112. </item>
  <!-- Item: threat-research article on phishing with SVG attachments. The alt and
       media:title strings below are captions for screenshots in that article. They
       describe phishing pages and malicious files, but every url attribute in this
       item points at an image under news.sophos.com/wp-content/uploads; the feed
       carries no sample content. -->
  113. <item>
  114. <title>Scalable Vector Graphics files pose a novel phishing threat</title>
  115. <link>https://news.sophos.com/en-us/2025/02/05/svg-phishing/</link>
  116. <comments>https://news.sophos.com/en-us/2025/02/05/svg-phishing/?noamp=mobile#respond</comments>
  117. <dc:creator><![CDATA[Andrew Brandt]]></dc:creator>
  118. <pubDate>Wed, 05 Feb 2025 17:01:03 +0000</pubDate>
  119. <category><![CDATA[Threat Research]]></category>
  120. <category><![CDATA[.svg]]></category>
  121. <category><![CDATA[featured]]></category>
  122. <category><![CDATA[Phishing]]></category>
  123. <category><![CDATA[Scalable vector graphics]]></category>
  124. <category><![CDATA[Spam]]></category>
  <!-- Identifier only (isPermaLink="false"); ?p=959586 matches the post-id element below. -->
  125. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959586</guid>
  126.  
  127. <description><![CDATA[The SVG file format can harbor malicious HTML, scripts, and malware]]></description>
  128. <wfw:commentRss>https://news.sophos.com/en-us/2025/02/05/svg-phishing/feed/</wfw:commentRss>
  129. <slash:comments>0</slash:comments>
  <!-- Lead image in three forms (cropped, thumbnail, full), all with an empty alt value. -->
  130. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image1.jpeg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  131. <post-id xmlns="com-wordpress:feed-additions:1">959586</post-id>
  132. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image1.jpeg" alt="" />
  133. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image1.jpeg" medium="image" alt="">
  134. <media:title type="html">202502_svgphish_image1</media:title>
  135. </media:content>
  136.  
  <!-- Article figures. Apostrophes and double quotes inside the captions are written as
       the numeric references &#039; and &#034;, which keeps the double-quoted attribute
       values well formed. The titles are typed "html"; NOTE(review): after XML parsing
       these strings contain literal quote characters, so a reader must sanitize or
       escape them again before placing them in an HTML attribute or element. -->
  137. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image2.png" medium="image" alt="The content of a legitimate SVG file source alongside a thumbnail">
  138. <media:title type="html">The content of a legitimate SVG file source alongside a thumbnail</media:title>
  139. </media:content>
  140.  
  141. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image3.png" medium="image" alt="A malicious SVG links to a Google Doc file">
  142. <media:title type="html">A malicious SVG links to a Google Doc file</media:title>
  143. </media:content>
  144.  
  145. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image4.png" medium="image" alt="A simplistic malicious SVG hotlinks the recipient&#039;s email and some text to a phishing page">
  146. <media:title type="html">A simplistic malicious SVG hotlinks the recipient&#039;s email and some text to a phishing page</media:title>
  147. </media:content>
  148.  
  149. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image5.png" medium="image" alt="A malicious SVG attached to a fake &#034;fax notification&#034; email">
  150. <media:title type="html">A malicious SVG attached to a fake &#034;fax notification&#034; email</media:title>
  151. </media:content>
  152.  
  <!-- Self-closing entry with an empty alt value and no media:title child. -->
  153. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/image4.png" medium="image" alt="" />
  154.  
  155. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image7.png" medium="image" alt="A CAPTCHA protects a phishing site">
  156. <media:title type="html">A CAPTCHA protects a phishing site</media:title>
  157. </media:content>
  158.  
  159. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image8.png" medium="image" alt="An alternative CAPTCHA page gating a phishing site">
  160. <media:title type="html">An alternative CAPTCHA page gating a phishing site</media:title>
  161. </media:content>
  162.  
  163. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image9.png" medium="image" alt="The SVG contains a live link that points to a raster image resembling a SharePoint notification hosted elsewhere">
  164. <media:title type="html">The SVG contains a live link that points to a raster image resembling a SharePoint notification hosted elsewhere</media:title>
  165. </media:content>
  166.  
  167. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image10.png" medium="image" alt="The &#034;LegalSkillsTraining&#034; website hosts nothing but images leveraged in SVG phishing campaigns">
  168. <media:title type="html">The &#034;LegalSkillsTraining&#034; website hosts nothing but images leveraged in SVG phishing campaigns</media:title>
  169. </media:content>
  170.  
  171. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image11.png" medium="image" alt="A Wikipedia entry fills space in this malicious SVG that also includes Javascript">
  172. <media:title type="html">A Wikipedia entry fills space in this malicious SVG that also includes Javascript</media:title>
  173. </media:content>
  174.  
  175. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image12.png" medium="image" alt="The &#034;RaccoonClient&#034; version of the SVG automatically loads the phishing page after a delay">
  176. <media:title type="html">The &#034;RaccoonClient&#034; version of the SVG automatically loads the phishing page after a delay</media:title>
  177. </media:content>
  178.  
  179. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image13.png" medium="image" alt="The source of the phishing page shows it loading the Microsoft login content inside a frame within the page">
  180. <media:title type="html">The source of the phishing page shows it loading the Microsoft login content inside a frame within the page</media:title>
  181. </media:content>
  182.  
  183. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image14.png" medium="image" alt="One of the external sites that received exfiltrated data, &#034;VirtualPorno,&#034; which had nothing of the sort but did have open directories">
  184. <media:title type="html">One of the external sites that received exfiltrated data, &#034;VirtualPorno,&#034; which had nothing of the sort but did have open directories</media:title>
  185. </media:content>
  186.  
  187. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image15.png" medium="image" alt="An SVG phishing page exfiltrates data to a Telegram bot">
  188. <media:title type="html">An SVG phishing page exfiltrates data to a Telegram bot</media:title>
  189. </media:content>
  190.  
  191. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image16.png" medium="image" alt="A &#034;voicemail&#034; download link prompts for a password. The target&#039;s email address was prefilled.">
  192. <media:title type="html">A &#034;voicemail&#034; download link prompts for a password. The target&#039;s email address was prefilled.</media:title>
  193. </media:content>
  194.  
  195. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image17.png" medium="image" alt="A fake Google Voice login also had the target&#039;s email address as well as the name of their employer&#039;s organization embedded in the page.">
  196. <media:title type="html">A fake Google Voice login also had the target&#039;s email address as well as the name of their employer&#039;s organization embedded in the page.</media:title>
  197. </media:content>
  198.  
  199. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image18.png" medium="image" alt="A fake Dropbox login in Japanese prompts the target to download a voicemail message">
  200. <media:title type="html">A fake Dropbox login in Japanese prompts the target to download a voicemail message</media:title>
  201. </media:content>
  202.  
  <!-- Self-closing entry with an empty alt value and no media:title child. -->
  203. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/image1.png" medium="image" alt="" />
  204.  
  205. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image20.png" medium="image" alt="The local HTML file prompts the user to click the Open button">
  206. <media:title type="html">The local HTML file prompts the user to click the Open button</media:title>
  207. </media:content>
  208.  
  209. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image21.png" medium="image" alt="The error message indicates that instead of a webpage it was trying to open a local network path">
  210. <media:title type="html">The error message indicates that instead of a webpage it was trying to open a local network path</media:title>
  211. </media:content>
  212.  
  213. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image22.png" medium="image" alt="A network path that contained a hardcoded username and password">
  214. <media:title type="html">A network path that contained a hardcoded username and password</media:title>
  215. </media:content>
  216.  
  217. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image23.png" medium="image" alt="The SVG with a base64 data blob inside">
  218. <media:title type="html">The SVG with a base64 data blob inside</media:title>
  219. </media:content>
  220.  
  221. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image24.png" medium="image" alt="The zip file contained a password-protected executable and an unprotected text file that contained the password for the other file">
  222. <media:title type="html">The zip file contained a password-protected executable and an unprotected text file that contained the password for the other file</media:title>
  223. </media:content>
  224.  
  225. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image25.png" medium="image" alt="The password in the text file compressed with the malware">
  226. <media:title type="html">The password in the text file compressed with the malware</media:title>
  227. </media:content>
  228.  
  229. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image26.png" medium="image" alt="First choose another app...">
  230. <media:title type="html">First choose another app...</media:title>
  231. </media:content>
  232.  
  233. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image27.png" medium="image" alt="...then pick something benign that should open it instead of the browser">
  234. <media:title type="html">...then pick something benign that should open it instead of the browser</media:title>
  235. </media:content>
  236.  
  237. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image28.png" medium="image" alt="Your first clue is the .ru">
  238. <media:title type="html">Your first clue is the .ru</media:title>
  239. </media:content>
  240.  
  <!-- The last caption begins with a space in both the alt attribute and the title text. -->
  241. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/202502_svgphish_image29.png" medium="image" alt=" I hope your lawyer writes more than absolutely nothing when they send you a contract to sign">
  242. <media:title type="html"> I hope your lawyer writes more than absolutely nothing when they send you a contract to sign</media:title>
  243. </media:content>
  244. </item>
  <!-- Item: announcement of the Secureworks acquisition. This item carries no comments,
       wfw:commentRss or slash:comments element, so a consumer cannot assume those
       children are present on every item. -->
  245. <item>
  246. <title>Sophos Acquires Secureworks</title>
  247. <link>https://news.sophos.com/en-us/2025/02/03/sophos-acquires-secureworks/</link>
  248. <dc:creator><![CDATA[Editor]]></dc:creator>
  249. <pubDate>Mon, 03 Feb 2025 15:07:16 +0000</pubDate>
  250. <category><![CDATA[Products & Services]]></category>
  251. <category><![CDATA[featured]]></category>
  252. <category><![CDATA[MDR]]></category>
  253. <category><![CDATA[NDR]]></category>
  254. <category><![CDATA[SecureWorks]]></category>
  255. <category><![CDATA[Security Operations]]></category>
  256. <category><![CDATA[Taegis]]></category>
  257. <category><![CDATA[XDR]]></category>
  <!-- Identifier only (isPermaLink="false"); ?p=959518 matches the post-id element below. -->
  258. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959518</guid>
  259.  
  260. <description><![CDATA[Transforming the future, together]]></description>
  <!-- One image in three forms (cropped, thumbnail, full). The media:title is the image
       file name without its trailing "-1" and extension, not a caption. It is typed
       "html", so a reader should sanitize it before rendering. -->
  261. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/SW-D1-Sophos-News-Partner-News-Sites-1200x628-1.png?w=230&#38;h=130&#38;crop=1" medium="image" alt="Sophos and Secureworks logos" />
  262. <post-id xmlns="com-wordpress:feed-additions:1">959518</post-id>
  263. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/SW-D1-Sophos-News-Partner-News-Sites-1200x628-1.png" alt="Sophos and Secureworks logos" />
  264. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/SW-D1-Sophos-News-Partner-News-Sites-1200x628-1.png" medium="image" alt="Sophos and Secureworks logos">
  265. <media:title type="html">SW-D1-Sophos-News-Partner-News-Sites-1200x628</media:title>
  266. </media:content>
  267. </item>
  <!-- Item: threat-research update on cybercriminals' attitudes to generative AI. It has
       no comments, wfw:commentRss or slash:comments element. All url attributes point
       at images under news.sophos.com/wp-content/uploads. -->
  268. <item>
  269. <title>Update: Cybercriminals still not fully on board the AI train (yet)</title>
  270. <link>https://news.sophos.com/en-us/2025/01/28/update-cybercriminals-still-not-fully-on-board-the-ai-train-yet/</link>
  271. <dc:creator><![CDATA[Matt Wixey]]></dc:creator>
  272. <pubDate>Tue, 28 Jan 2025 13:00:45 +0000</pubDate>
  273. <category><![CDATA[Threat Research]]></category>
  274. <category><![CDATA[AI]]></category>
  275. <category><![CDATA[ChatGPT]]></category>
  276. <category><![CDATA[cybercrime forums]]></category>
  277. <category><![CDATA[featured]]></category>
  278. <category><![CDATA[scams]]></category>
  279. <category><![CDATA[Social engineering]]></category>
  280. <category><![CDATA[Sophos X-Ops]]></category>
  <!-- Identifier only (isPermaLink="false"); ?p=959395 matches the post-id element below. -->
  281. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959395</guid>
  282.  
  <!-- The description holds a literal right single quotation mark and an en dash, so the
       document must be read as the UTF-8 its declaration states. -->
  283. <description><![CDATA[A year after our initial research on threat actors’ attitudes to generative AI, we revisit some underground forums and find that many cybercriminals are still skeptical – although there has been a slight shift]]></description>
  284. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_1164378040.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="A robot hand on the left reaches towards a human hand on the right, with a blurred blue-black cityscape in the background" />
  285. <post-id xmlns="com-wordpress:feed-additions:1">959395</post-id>
  286. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_1164378040.jpg" alt="A robot hand on the left reaches towards a human hand on the right, with a blurred blue-black cityscape in the background" />
  287. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_1164378040.jpg" medium="image" alt="A robot hand on the left reaches towards a human hand on the right, with a blurred blue-black cityscape in the background">
  <!-- The title is a comma-separated word list, unlike the sentence in the alt attribute;
       presumably it comes from the image file's own metadata. Confirm. -->
  288. <media:title type="html">View,Of,A,Cyborg,Robot,Hand,On,A,City,Background</media:title>
  289. </media:content>
  290.  
  <!-- Article figures. Almost all share one caption in both alt and media:title, so
       neither field identifies an individual image; only the url does. The titles are
       typed "html"; NOTE(review): sanitize them before rendering. -->
  291. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image2_516eda.png" medium="image" alt="A screenshot from a criminal forum">
  292. <media:title type="html">A screenshot from a criminal forum</media:title>
  293. </media:content>
  294.  
  295. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image3_7b5278.png" medium="image" alt="A screenshot from a criminal forum">
  296. <media:title type="html">A screenshot from a criminal forum</media:title>
  297. </media:content>
  298.  
  299. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image4.png" medium="image" alt="A screenshot from a criminal forum">
  300. <media:title type="html">A screenshot from a criminal forum</media:title>
  301. </media:content>
  302.  
  303. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image5.png" medium="image" alt="A screenshot from a criminal forum">
  304. <media:title type="html">A screenshot from a criminal forum</media:title>
  305. </media:content>
  306.  
  307. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image6.png" medium="image" alt="A screenshot from a criminal forum">
  308. <media:title type="html">A screenshot from a criminal forum</media:title>
  309. </media:content>
  310.  
  311. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image7.png" medium="image" alt="A screenshot from a criminal forum">
  312. <media:title type="html">A screenshot from a criminal forum</media:title>
  313. </media:content>
  314.  
  315. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image8.png" medium="image" alt="A screenshot from a criminal forum">
  316. <media:title type="html">A screenshot from a criminal forum</media:title>
  317. </media:content>
  318.  
  319. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image9.png" medium="image" alt="A screenshot from a criminal forum">
  320. <media:title type="html">A screenshot from a criminal forum</media:title>
  321. </media:content>
  322.  
  323. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image10.png" medium="image" alt="A screenshot from a criminal forum">
  324. <media:title type="html">A screenshot from a criminal forum</media:title>
  325. </media:content>
  326.  
  327. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image11.png" medium="image" alt="A screenshot from a criminal forum">
  328. <media:title type="html">A screenshot from a criminal forum</media:title>
  329. </media:content>
  330.  
  331. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image12.png" medium="image" alt="A screenshot from a criminal forum">
  332. <media:title type="html">A screenshot from a criminal forum</media:title>
  333. </media:content>
  334.  
  335. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image13.png" medium="image" alt="A screenshot from a criminal forum">
  336. <media:title type="html">A screenshot from a criminal forum</media:title>
  337. </media:content>
  338.  
  339. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image14.png" medium="image" alt="A screenshot from a criminal forum">
  340. <media:title type="html">A screenshot from a criminal forum</media:title>
  341. </media:content>
  342.  
  343. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image15.png" medium="image" alt="A screenshot from a criminal forum">
  344. <media:title type="html">A screenshot from a criminal forum</media:title>
  345. </media:content>
  346.  
  347. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image16.png" medium="image" alt="A screenshot from a criminal forum">
  348. <media:title type="html">A screenshot from a criminal forum</media:title>
  349. </media:content>
  350.  
  351. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image17.png" medium="image" alt="A screenshot from a criminal forum">
  352. <media:title type="html">A screenshot from a criminal forum</media:title>
  353. </media:content>
  354.  
  355. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image18.png" medium="image" alt="A screenshot from a criminal forum">
  356. <media:title type="html">A screenshot from a criminal forum</media:title>
  357. </media:content>
  358.  
  359. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image19.png" medium="image" alt="A screenshot from a criminal forum">
  360. <media:title type="html">A screenshot from a criminal forum</media:title>
  361. </media:content>
  362.  
  363. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image20a.png" medium="image" alt="A screenshot from a criminal forum">
  364. <media:title type="html">A screenshot from a criminal forum</media:title>
  365. </media:content>
  366.  
  367. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image21.png" medium="image" alt="A screenshot from a criminal forum">
  368. <media:title type="html">A screenshot from a criminal forum</media:title>
  369. </media:content>
  370.  
  371. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image22.png" medium="image" alt="A screenshot from a criminal forum">
  372. <media:title type="html">A screenshot from a criminal forum</media:title>
  373. </media:content>
  374.  
  375. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image23.png" medium="image" alt="A screenshot from a criminal forum">
  376. <media:title type="html">A screenshot from a criminal forum</media:title>
  377. </media:content>
  378.  
  <!-- The one figure without a caption: empty alt value, self-closing, no media:title child. -->
  379. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image24.png" medium="image" alt="" />
  380.  
  381. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image25.png" medium="image" alt="A screenshot from a criminal forum">
  382. <media:title type="html">A screenshot from a criminal forum</media:title>
  383. </media:content>
  384.  
  385. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image26.png" medium="image" alt="A screenshot from a criminal forum">
  386. <media:title type="html">A screenshot from a criminal forum</media:title>
  387. </media:content>
  388.  
  389. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image27.png" medium="image" alt="A screenshot from a criminal forum">
  390. <media:title type="html">A screenshot from a criminal forum</media:title>
  391. </media:content>
  392. </item>
  393. <item>
  394. <title>Beyond the hype: The business reality of AI for cybersecurity</title>
  395. <link>https://news.sophos.com/en-us/2025/01/28/beyond-the-hype-the-business-reality-of-ai-for-cybersecurity/</link>
  396. <dc:creator><![CDATA[Sally Adam]]></dc:creator>
  397. <pubDate>Tue, 28 Jan 2025 12:30:44 +0000</pubDate>
  398. <category><![CDATA[Products & Services]]></category>
  399. <category><![CDATA[AI]]></category>
  400. <category><![CDATA[artificial intelligence]]></category>
  401. <category><![CDATA[deep learning]]></category>
  402. <category><![CDATA[featured]]></category>
  403. <category><![CDATA[gen ai]]></category>
  404. <category><![CDATA[Generative AI]]></category>
  405. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=958874</guid>
  406.  
  407. <description><![CDATA[Real-world insights from 400 IT leaders, plus practical guidance to enhance business outcomes]]></description>
  408. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/beyond-the-hype-news-blog-banner-1536x864px.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="Navigating the AI Hype in Cybersecurity" />
  409. <post-id xmlns="com-wordpress:feed-additions:1">958874</post-id>
  410. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/beyond-the-hype-news-blog-banner-1536x864px.jpg" alt="Navigating the AI Hype in Cybersecurity" />
  411. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/beyond-the-hype-news-blog-banner-1536x864px.jpg" medium="image" alt="Navigating the AI Hype in Cybersecurity">
  412. <media:title type="html">beyond-the-hype-news-blog-banner-1536x864px</media:title>
  413. </media:content>
  414.  
  415. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-1.png" medium="image" alt="AI terminology">
  416. <media:title type="html">AI terminology</media:title>
  417. </media:content>
  418.  
  419. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-2.png" medium="image" alt="AI adoption">
  420. <media:title type="html">AI adoption</media:title>
  421. </media:content>
  422.  
  423. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-4.png" medium="image" alt="GenAI desired benefits">
  424. <media:title type="html">GenAI desired benefits</media:title>
  425. </media:content>
  426.  
  427. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-5.png" medium="image" alt="GenAI benefits by organization size">
  428. <media:title type="html">GenAI benefits by organization size</media:title>
  429. </media:content>
  430.  
  431. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-6.png" medium="image" alt="AI flaws">
  432. <media:title type="html">AI flaws</media:title>
  433. </media:content>
  434.  
  435. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-7.png" medium="image" alt="When evaluating the Generative AI capabilities in cybersecurity solutions, does your organization assess the caliber of the cybersecurity processes and controls used in the development of the Generative AI? ">
  436. <media:title type="html">When evaluating the Generative AI capabilities in cybersecurity solutions, does your organization assess the caliber of the cybersecurity processes and controls used in the development of the Generative AI? </media:title>
  437. </media:content>
  438.  
  439. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-8.png" medium="image" alt="Thinking about the cost of Generative AI capabilities, to what extent do you agree or disagree with the following statements within your organization: The costs of Generative AI in cybersecurity tools will be fully offset by the savings it delivers. Strongly agree, Agree. (n=400)​">
  440. <media:title type="html">Thinking about the cost of Generative AI capabilities, to what extent do you agree or disagree with the following statements within your organization: The costs of Generative AI in cybersecurity tools will be fully offset by the savings it delivers. Strongly agree, Agree. (n=400)​</media:title>
  441. </media:content>
  442.  
  443. <media:content url="https://news.sophos.com/wp-content/uploads/2025/02/cybersecurite-9.png" medium="image" alt="Thinking about the cost of Generative AI capabilities, to what extent do you agree or disagree with the following statement: The costs of the Generative AI capabilities available in cybersecurity products are hard to measure. Strongly agree, Agree. (n=400)​">
  444. <media:title type="html">Thinking about the cost of Generative AI capabilities, to what extent do you agree or disagree with the following statement: The costs of the Generative AI capabilities available in cybersecurity products are hard to measure. Strongly agree, Agree. (n=400)​</media:title>
  445. </media:content>
  446. </item>
  447. <item>
  448. <title>Sophos MDR tracks two ransomware campaigns using &#8220;email bombing,&#8221; Microsoft Teams “vishing”</title>
  449. <link>https://news.sophos.com/en-us/2025/01/21/sophos-mdr-tracks-two-ransomware-campaigns-using-email-bombing-microsoft-teams-vishing/</link>
  450. <dc:creator><![CDATA[gallagherseanm]]></dc:creator>
  451. <pubDate>Tue, 21 Jan 2025 11:30:14 +0000</pubDate>
  452. <category><![CDATA[Security Operations]]></category>
  453. <category><![CDATA[Threat Research]]></category>
  454. <category><![CDATA[Black Basta]]></category>
  455. <category><![CDATA[featured]]></category>
  456. <category><![CDATA[Fin7]]></category>
  457. <category><![CDATA[Java malware]]></category>
  458. <category><![CDATA[legitimate service abuse]]></category>
  459. <category><![CDATA[Microsoft Office 365]]></category>
  460. <category><![CDATA[python malware]]></category>
  461. <category><![CDATA[Quick Assist]]></category>
  462. <category><![CDATA[remote machine management]]></category>
  463. <category><![CDATA[STAC5143]]></category>
  464. <category><![CDATA[stac5777]]></category>
  465. <category><![CDATA[Teams]]></category>
  466. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959250</guid>
  467.  
  468. <description><![CDATA[Sophos MDR identifies a new threat cluster riffing on the playbook of Storm-1811, and amped-up activity from the original connected to Black Basta ransomware.]]></description>
  469. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  470. <post-id xmlns="com-wordpress:feed-additions:1">959250</post-id>
  471. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg" alt="" />
  472. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/emailbomb.jpg" medium="image" alt="">
  473. <media:title type="html">Email,Alert,And,Message,Sending,/,Receiving,Concept,:,Envelope</media:title>
  474. </media:content>
  475.  
  476. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/Rpivot-obfuscated.png" medium="image" alt="A screenshot of Python code from an obfuscated copy of RPivot dropped by the STAC5143 attackers.">
  477. <media:title type="html">A screenshot of Python code from an obfuscated copy of RPivot dropped by the STAC5143 attackers.</media:title>
  478. </media:content>
  479.  
  480. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/Fig2Vishing.png" medium="image" alt="Figure 2: Sophos Central investigation screen of threat actor’s incoming activity captured by Microsoft Office 365 integration">
  481. <media:title type="html">Figure 2: Sophos Central investigation screen of threat actor’s incoming activity captured by Microsoft Office 365 integration</media:title>
  482. </media:content>
  483.  
  484. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/TeamsVishingfig2.png" medium="image" alt="" />
  485. </item>
  486. <item>
  487. <title>Gootloader inside out</title>
  488. <link>https://news.sophos.com/en-us/2025/01/16/gootloader-inside-out/</link>
  489. <dc:creator><![CDATA[Gabor Szappanos]]></dc:creator>
  490. <pubDate>Thu, 16 Jan 2025 17:00:02 +0000</pubDate>
  491. <category><![CDATA[Threat Research]]></category>
  492. <category><![CDATA[featured]]></category>
  493. <category><![CDATA[Gootkit]]></category>
  494. <category><![CDATA[Gootloader]]></category>
  495. <category><![CDATA[HelloDolly]]></category>
  496. <category><![CDATA[JScript]]></category>
  497. <category><![CDATA[malicious SEO]]></category>
  498. <category><![CDATA[malware]]></category>
  499. <category><![CDATA[obfuscation]]></category>
  500. <category><![CDATA[php]]></category>
  501. <category><![CDATA[PHP shell]]></category>
  502. <category><![CDATA[SEO]]></category>
  503. <category><![CDATA[WordPress]]></category>
  504. <category><![CDATA[YARA]]></category>
  505. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959285</guid>
  506.  
  507. <description><![CDATA[Open-source intelligence reveals the server-side code of this pernicious SEO-driven malware - without needing a lawyer afterward]]></description>
  508. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg?w=230&#38;h=130&#38;crop=1" medium="image" alt="" />
  509. <post-id xmlns="com-wordpress:feed-additions:1">959285</post-id>
  510. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg" alt="" />
  511. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/shutterstock_2429786175.jpg" medium="image" alt="">
  512. <media:title type="html">Magic,Wand,And,Top,Hat,Isolated,On,White.,Magician,Trick</media:title>
  513. </media:content>
  514.  
  515. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image1.png" medium="image" alt="A list of Gootloader JScript filenames, which correspond to the search query that led victims to download them">
  516. <media:title type="html">A list of Gootloader JScript filenames, which correspond to the search query that led victims to download them</media:title>
  517. </media:content>
  518.  
  519. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image2.png" medium="image" alt="Gootloader has poisoned search results in multiple languages, including German, French, and Korean ">
  520. <media:title type="html">Gootloader has poisoned search results in multiple languages, including German, French, and Korean </media:title>
  521. </media:content>
  522.  
  523. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image3.png" medium="image" alt="Source of the Gootkit/Gootloader landing pages reveal a number of different search terms and phrases the threat actors wanted search engines to index. The linked subpages (selected with green) don&#039;t actually exist. The injected WordPress code defines a few hooks, one of them is for non-existing pages. This will serve the fake forum discussion, when the victim clicks on the search result">
  524. <media:title type="html">Source of the Gootkit/Gootloader landing pages reveal a number of different search terms and phrases the threat actors wanted search engines to index. The linked subpages (selected with green) don&#039;t actually exist. The injected WordPress code defines a few hooks, one of them is for non-existing pages. This will serve the fake forum discussion, when the victim clicks on the search result</media:title>
  525. </media:content>
  526.  
  527. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image4.png" medium="image" alt=" A screenshot of the source code from a Gootkit/Gootloader landing page. Image courtesy of Sucuri Research.">
  528. <media:title type="html"> A screenshot of the source code from a Gootkit/Gootloader landing page. Image courtesy of Sucuri Research.</media:title>
  529. </media:content>
  530.  
  531. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image5.png" medium="image" alt="The WordPress database dump included this table that contains a set of the first three octets of IP addresses, a block list of IP ranges that cannot revisit the Gootloader website on the same day">
  532. <media:title type="html">The WordPress database dump included this table that contains a set of the first three octets of IP addresses, a block list of IP ranges that cannot revisit the Gootloader website on the same day</media:title>
  533. </media:content>
  534.  
  535. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image6.png" medium="image" alt="A block of base64-encoded data stored as a variable named $pposte in a WordPress database">
  536. <media:title type="html">A block of base64-encoded data stored as a variable named $pposte in a WordPress database</media:title>
  537. </media:content>
  538.  
  539. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image7.png" medium="image" alt="Malicious SEO content phrases embedded in a WordPress database table, linking the site to an Excel spreadsheet converter search query">
  540. <media:title type="html">Malicious SEO content phrases embedded in a WordPress database table, linking the site to an Excel spreadsheet converter search query</media:title>
  541. </media:content>
  542.  
  543. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image8.png" medium="image" alt="The &#034;place marker&#034; string appears in the OpenGraph metadata SEO headers of a Gootkit/Gootloader-modified web page">
  544. <media:title type="html">The &#034;place marker&#034; string appears in the OpenGraph metadata SEO headers of a Gootkit/Gootloader-modified web page</media:title>
  545. </media:content>
  546.  
  547. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image9.png" medium="image" alt="Files that contain references to the Gootloader &#034;mothership&#034; website (screenshot courtesy of VirusTotal)">
  548. <media:title type="html">Files that contain references to the Gootloader &#034;mothership&#034; website (screenshot courtesy of VirusTotal)</media:title>
  549. </media:content>
  550.  
  551. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image10.png" medium="image" alt="Commented text, preceded with double slashes, documents the Gootkit characteristics of modified web pages">
  552. <media:title type="html">Commented text, preceded with double slashes, documents the Gootkit characteristics of modified web pages</media:title>
  553. </media:content>
  554.  
  555. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image11.png" medium="image" alt="a WordPress database dump in VirusTotal">
  556. <media:title type="html">a WordPress database dump in VirusTotal</media:title>
  557. </media:content>
  558.  
  559. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image12.png" medium="image" alt=" A SQL dump from a compromised WordPress installation contains base64-encoded elements of the Gootkit/Gootloader modifications">
  560. <media:title type="html"> A SQL dump from a compromised WordPress installation contains base64-encoded elements of the Gootkit/Gootloader modifications</media:title>
  561. </media:content>
  562.  
  563. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image13.png" medium="image" alt="The decoded base64 data from the WordPress database reveals the PHP script that handles decoding the malicious content for a site visitor">
  564. <media:title type="html">The decoded base64 data from the WordPress database reveals the PHP script that handles decoding the malicious content for a site visitor</media:title>
  565. </media:content>
  566.  
  567. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image14.png" medium="image" alt="A simple command shell Gootkit inserts into the PHP running in a WordPress site the threat actors have compromised">
  568. <media:title type="html">A simple command shell Gootkit inserts into the PHP running in a WordPress site the threat actors have compromised</media:title>
  569. </media:content>
  570.  
  571. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image15.png" medium="image" alt="The portion of the Gootkit code that collects the HTML content of the fake page it will later draw over the top of the compromised website">
  572. <media:title type="html">The portion of the Gootkit code that collects the HTML content of the fake page it will later draw over the top of the compromised website</media:title>
  573. </media:content>
  574.  
  575. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image16.png" medium="image" alt=" The Gootkit code blocks repeat visitors by adding not only the visitor&#039;s IP address range to a block list, but the entire class C IPv4 address range on either side of the visitor&#039;s address, just for good measure">
  576. <media:title type="html"> The Gootkit code blocks repeat visitors by adding not only the visitor&#039;s IP address range to a block list, but the entire class C IPv4 address range on either side of the visitor&#039;s address, just for good measure</media:title>
  577. </media:content>
  578.  
  579. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image17.png" medium="image" alt="The Gootkit/Gootloader fake forum page, featuring a &#034;question&#034; and an &#034;answer&#034; that links to the Gootloader JScript first-stage payload">
  580. <media:title type="html">The Gootkit/Gootloader fake forum page, featuring a &#034;question&#034; and an &#034;answer&#034; that links to the Gootloader JScript first-stage payload</media:title>
  581. </media:content>
  582.  
  583. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image18.png" medium="image" alt="The unique key is linked in a Javascript code snippet embedded in the compromised WordPress server page.">
  584. <media:title type="html">The unique key is linked in a Javascript code snippet embedded in the compromised WordPress server page.</media:title>
  585. </media:content>
  586.  
  587. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image19.png" medium="image" alt="A set of commands that deletes from view the original page content on the compromised WordPress server page the visitor lands on">
  588. <media:title type="html">A set of commands that deletes from view the original page content on the compromised WordPress server page the visitor lands on</media:title>
  589. </media:content>
  590.  
  591. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image20.png" medium="image" alt="The replacement content includes the text of the &#034;Questions And Answers&#034; fake forum page">
  592. <media:title type="html">The replacement content includes the text of the &#034;Questions And Answers&#034; fake forum page</media:title>
  593. </media:content>
  594.  
  595. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image21.png" medium="image" alt="The download link points to a php script hosted on a different server. This link delivers the .js file packed into a Zip archive which comprises the first stage Gootloader payload">
  596. <media:title type="html">The download link points to a php script hosted on a different server. This link delivers the .js file packed into a Zip archive which comprises the first stage Gootloader payload</media:title>
  597. </media:content>
  598.  
  599. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image22.png" medium="image" alt="A Gootkit/Gootloader fake forum page in German. The source code of the page shows the link points to a file named down.php hosted on a completely different server than the one where the page appears. The link marked in red will connect to the server that is hosting the first-stage download JScript.">
  600. <media:title type="html">A Gootkit/Gootloader fake forum page in German. The source code of the page shows the link points to a file named down.php hosted on a completely different server than the one where the page appears. The link marked in red will connect to the server that is hosting the first-stage download JScript.</media:title>
  601. </media:content>
  602.  
  603. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image23.png" medium="image" alt="The source code of the PHP script that delivers the first stage Gootloader payload">
  604. <media:title type="html">The source code of the PHP script that delivers the first stage Gootloader payload</media:title>
  605. </media:content>
  606.  
  607. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image24.png" medium="image" alt="Screenshot of the modified HelloDolly.php script (courtesy of the Rich Infante blog)">
  608. <media:title type="html">Screenshot of the modified HelloDolly.php script (courtesy of the Rich Infante blog)</media:title>
  609. </media:content>
  610.  
  611. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image25.png" medium="image" alt="Another format of the modified HelloDolly.php script shows the unique identifier string">
  612. <media:title type="html">Another format of the modified HelloDolly.php script shows the unique identifier string</media:title>
  613. </media:content>
  614.  
  615. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image26.png" medium="image" alt="A variation on the modified HelloDolly.php script">
  616. <media:title type="html">A variation on the modified HelloDolly.php script</media:title>
  617. </media:content>
  618.  
  619. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image27.png" medium="image" alt="A screenshot that summarizes the modification process Gootloader uses (image courtesy of the Rich Infante blog)">
  620. <media:title type="html">A screenshot that summarizes the modification process Gootloader uses (image courtesy of the Rich Infante blog)</media:title>
  621. </media:content>
  622.  
  623. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image28.png" medium="image" alt="A WordPress database dump contains the same elements that the Rich Infante blog references">
  624. <media:title type="html">A WordPress database dump contains the same elements that the Rich Infante blog references</media:title>
  625. </media:content>
  626.  
  627. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image29.png" medium="image" alt="The encoded form of a PHP script that delivers the .js payload">
  628. <media:title type="html">The encoded form of a PHP script that delivers the .js payload</media:title>
  629. </media:content>
  630.  
  631. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image30.png" medium="image" alt="A screenshot of a file uploaded to VirusTotal shows references to the IP address formerly used to host the Gootkit/Gootloader &#034;mothership&#034; server">
  632. <media:title type="html">A screenshot of a file uploaded to VirusTotal shows references to the IP address formerly used to host the Gootkit/Gootloader &#034;mothership&#034; server</media:title>
  633. </media:content>
  634.  
  635. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image31.png" medium="image" alt="The my-game website as it appeared in 2014, a Russian-language gambling site called &#034;Casino Game Life&#034;">
  636. <media:title type="html">The my-game website as it appeared in 2014, a Russian-language gambling site called &#034;Casino Game Life&#034;</media:title>
  637. </media:content>
  638.  
  639. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/202501_gootloader_image32.png" medium="image" alt="The my-game domain that continues to host the Gootkit/Gootloader mothership originally belonged to a German team that played the game Counter-Strike competitively">
  640. <media:title type="html">The my-game domain that continues to host the Gootkit/Gootloader mothership originally belonged to a German team that played the game Counter-Strike competitively</media:title>
  641. </media:content>
  642. </item>
  643. <item>
  644. <title>Sophos ZTNA Updates</title>
  645. <link>https://news.sophos.com/en-us/2025/01/16/sophos-ztna-updates/</link>
  646. <dc:creator><![CDATA[Chris McCormack]]></dc:creator>
  647. <pubDate>Thu, 16 Jan 2025 14:25:20 +0000</pubDate>
  648. <category><![CDATA[Products & Services]]></category>
  649. <category><![CDATA[network]]></category>
  650. <category><![CDATA[ZTNA]]></category>
  651. <guid isPermaLink="false">https://news.sophos.com/en-us/?p=959228</guid>
  652.  
  653. <description><![CDATA[New Let's Encrypt and regional support.]]></description>
  654. <media:content url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png?w=230&#38;h=130&#38;crop=1" medium="image" alt="sophos ztna" />
  655. <post-id xmlns="com-wordpress:feed-additions:1">959228</post-id>
  656. <media:thumbnail url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png" alt="sophos ztna" />
  657. <media:content url="https://news.sophos.com/wp-content/uploads/2024/07/sophos-ztna.png" medium="image" alt="sophos ztna">
  658. <media:title type="html">sophos ztna</media:title>
  659. </media:content>
  660.  
  661. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image1.png?w=279" medium="image" alt="Lets Encrypt">
  662. <media:title type="html">Lets Encrypt</media:title>
  663. </media:content>
  664.  
  665. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image2.png" medium="image" alt="Lets Encrypt">
  666. <media:title type="html">Lets Encrypt</media:title>
  667. </media:content>
  668.  
  669. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/ZTNAscreenshot.jpg" medium="image" alt="ZTNA">
  670. <media:title type="html">ZTNA</media:title>
  671. </media:content>
  672.  
  673. <media:content url="https://news.sophos.com/wp-content/uploads/2025/01/image4.jpg" medium="image" alt="Regions">
  674. <media:title type="html">Regions</media:title>
  675. </media:content>
  676. </item>
  677. </channel>
  678. </rss>
  679.  