Mastodawn

QEMU abused to evade detection and enable ransomware delivery

A look back at some of the key incidents involving the QEMU ransomware, and how it has been used to hide malicious activity within virtualized environments, as reported by Sophos researchers in late 2025.

Pulse ID: 69e23d47aed333fc5c20091f
Pulse Link: https://otx.alienvault.com/pulse/69e23d47aed333fc5c20091f
Pulse Author: CyberHunter_NL
Created: 2026-04-17 14:01:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RansomWare #Sophos #bot #CyberHunter_NL

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

OTX Bot 4d ago

Adobe Reader 0-day

On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code. Recommendations: Reduce the risk by automatically scanning PDF email attachments, blocking suspicious files, training users to be wary of unsolicited attachments, and advising users to temporarily avoid using Adobe Reader to open PDFs. Reference: https://www.sophos.com/en-us/blog/adobe-reader-zero-day-vulnerability-in-active-exploitation

Pulse ID: 69dd08644df9f1c45b8992b5
Pulse Link: https://otx.alienvault.com/pulse/69dd08644df9f1c45b8992b5
Pulse Author: AlienVault
Created: 2026-04-13 15:14:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#0Day #Adobe #AdobeReader #CyberSecurity #Email #HTTP #HTTPS #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #PDF #Sophos #Vulnerability #ZeroDay #bot #AlienVault

Adobe Reader zero-day vulnerability in active exploitation

A zero-day vulnerability in Adobe Reader has been exploited since at least December 2025

SOPHOS

Daniel Keer Mar 23

🆕 Here's how to deploy a Sophos firewall on VMware vCenter

https://thedxt.ca/2026/03/deploy-sophos-firewall-on-vmware-vcenter/

#VMware #vCenter #vExpert #Sophos #Firewall #Networking #SFOS @sophos

Deploy Sophos Firewall on VMware vCenter

A virtual SFOS (Sophos Firewall Operating System) can run on many hypervisors, including VMware. In this post, I will show you step by step how to deploy a virtual SFOS on VMware vCenter. The Process There are two locations where you can download the Sophos firewall files. The first is the Sophos Firewall Installers... Read More Read More

theDXT

Daniel Keer Mar 22

🧑‍💻 Here's how to complete the initial setup of a Sophos firewall.

https://thedxt.ca/2026/03/sophos-firewall-initial-setup/

#Sophos #Firewall #Networking #SFOS #Setup @sophos

Sophos Firewall Initial Setup

Before you can start using a Sophos firewall, you must complete the initial setup. In this post, I will show you step by step, how to complete the initial setup of a virtual SFOS (Sophos Firewall Operating System). The process will be similar on a physical Sophos firewall. Prerequisites The Process The default admin... Read More Read More

theDXT

Daniel Keer Mar 21

🗺️ When you setup a Sophos VM firewall on vSphere and add new interfaces the mappings go out the window.

Here's how to figure out the mappings.

https://thedxt.ca/2026/03/sophos-firewall-interface-mapping-on-vsphere/

#Sophos #Firewall #Interface #SFOS @sophos #Networking #VMware #vExpert

Sophos Firewall Interface Mapping on vSphere

When you deploy a Sophos firewall on VMware vSphere, you start with 3 network interfaces PortA for LAN, PortB for WAN, and PortC is unassigned. In VMware vCenter, PortA is Network adapter 1, PortB is Network adapter 2, and PortC is Network adapter 3. However, when you add more network adapters in VMware vSphere,... Read More Read More

theDXT

Daniel Keer Mar 16

🛜 Here's how to remove the GuestAP interface on a Sophos firewall.

https://thedxt.ca/2026/03/sophos-firewall-remove-guestap-interface/

#Sophos #Firewall #GuestAP #SFOS @sophos

Sophos Firewall Remove GuestAP Interface

By default, Sophos firewalls have a wireless network interface called GuestAP. Normally, this isn’t much of an issue, but if you don’t plan to use Sophos Wireless, it doesn’t make sense to keep the GuestAP network interface. In this post, I will show you step by step how to remove the GuestAP network interface... Read More Read More

theDXT

furicle Feb 25

Hey #infosec peoples - has anyone done quality testing of various DNS blocking providers?
e.g. something like take a grey noise list and see how quad nine compares to opendns etc ?

Considering whether to use #Sophos's new DNS protection...