21 Followers
205 Following
51 Posts
Hey, I'm Tom, based in the UK. Security analyst and car enthusiast.
Twitter: https://twitter.com/Tom_From_The_UK

Microsoft are rolling out Gaming Copilot to all Windows 11 PCs (excluding China).

Enabled by default, silent install, takes screenshots and trains MS AI by default.

It installed on my Windows 11 Professional PC 🫡 it’s also not dependent on an NPU or Copilot+

https://doublepulsar.com/microsoft-builds-on-recall-with-gaming-copilot-fails-basic-privacy-tests-52988576bcc8

Microsoft builds on Recall with Gaming Copilot — fails basic privacy tests

Gaming Copilot, rolling out now to Windows 11, adds a new attack surface to Windows.

Medium

I think the NCSC should probably release some details about what happened at JLR as I think it would help orgs defend, and help focus the minds of boards.

There’s 100% orgs out there thinking they were dealing with Russia’s elite intelligence unit, who they’d just pay off. Imagine, in fact, you’re in a fight with Mr. Bean.

My Cisco ASA firmware versions scan is now public: https://github.com/GossiTheDog/scanning/blob/main/Cisco-ASA-firmware-updates-CVE-2025-20333-CVE-2025-20363-CVE-2025-20362.csv

Fields:
IP,hostnames,FirmwareVersionKnown,FirmwareModifiedDate,Errors

Dates are in UK date format (DD/MM/YY).

If FirmwareModifiedDate is below */08/25 or */09/25, the device is vulnerable to #CyberWillyWave as the fixed firmware was compiled August 2025 or later.

New scan running now, results at weekend.

It gives you a very good indication as to how regularly orgs patch, e.g.
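An added example, not part of the original post or the scanning repository, showing how to apply the post's own rule to the CSV: parse the five fields, read FirmwareModifiedDate as DD/MM/YY, and flag anything compiled before August 2025 as still vulnerable so it can be prioritised for patching. The sample rows, IPs and hostnames below are constructed placeholders, not scan results.

```python
import csv
import io
from datetime import date, datetime

# Per the post, fixed firmware was compiled August 2025 or later, so a
# FirmwareModifiedDate earlier than this cutoff indicates an unpatched device.
FIX_CUTOFF = date(2025, 8, 1)

# Constructed sample rows in the CSV's field order
# (IP,hostnames,FirmwareVersionKnown,FirmwareModifiedDate,Errors).
# The addresses are documentation-range placeholders, not real scan data.
SAMPLE_CSV = """IP,hostnames,FirmwareVersionKnown,FirmwareModifiedDate,Errors
192.0.2.10,asa1.example.invalid,yes,12/03/24,
192.0.2.11,asa2.example.invalid,yes,05/09/25,
192.0.2.12,,no,,timeout
192.0.2.13,asa4.example.invalid,yes,31/07/25,
"""


def parse_uk_date(text):
    """Parse the scan's DD/MM/YY date field; return None if blank or malformed."""
    try:
        return datetime.strptime(text.strip(), "%d/%m/%y").date()
    except ValueError:
        return None


def classify_row(row):
    """Return 'vulnerable', 'patched' or 'unknown' for one scan row."""
    if row.get("Errors"):
        return "unknown"  # scanner could not read the firmware date
    modified = parse_uk_date(row.get("FirmwareModifiedDate", ""))
    if modified is None:
        return "unknown"
    return "vulnerable" if modified < FIX_CUTOFF else "patched"


def triage(csv_text):
    """Classify every row; returns a dict mapping IP -> status."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["IP"]: classify_row(row) for row in reader}


if __name__ == "__main__":
    for ip, status in triage(SAMPLE_CSV).items():
        print(f"{ip}\t{status}")
```

Rows with an Errors value or an unparseable date are reported as unknown rather than patched, so they still get a manual look.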

I've identified a way to establish if a box is vulnerable to #CyberWillyWave and started internet scanning, 90k boxes in progress.

Results probably at weekend if I'm bored or early next week.

Spoiler: a lot of orgs don't patch their Cisco edge devices. To be vuln to the full chain you have to be over a year behind with updates... and most orgs are over a year behind.

I've published scan results for CVE-2025-7775 (CitrixDeelb, which is Bleed spelt backwards, as the CVE number is the reverse of CitrixBleed2).

Columns = IP, SSL hostnames, firmware version, vulnerable to CVE-2025-7775 exploitation.

https://raw.githubusercontent.com/GossiTheDog/scanning/refs/heads/main/CVE-2025-7775-Citrix-Netscaler.csv

If you ever doubted the link between Scattered Spider(tm) and LAPSUS$ - one of the people arrested today was a key part of the LAPSUS$ attacks a few years ago.

DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door

The individuals operating under the DragonForce banner and attacking UK high street retailers are using social engineering for entry. I think it’s in the public interest to break down what is…

DoublePulsar

Anyone else having challenges with Public Domain Registry? Providing evidence of abuse, it’s on subdomains (main domains don’t host content). They seem to ignore the details I’m reporting and try and access the content on the base domain. Also had a handful of instances over the past few weeks where they claim to suspend a service but it stays up. WHOIS and DNS records aren’t updated/removed.

I highlight this and after a few days the domain is suspended and WHOIS and DNS records updated. Then getting gaslit in the response, where they are saying it must be my side caching the details and they had suspended the content.

Today we released the 2025 Sophos Active Adversary Report (AAR), looking at data from 413 incident-response cases handled by our X-Ops MDR and IR teams in 2024. This edition of the report has a number of interesting findings, a vastly expanded dataset, and -- in honor of our fifth anniversary -- a gift for the curious. /1

https://news.sophos.com/en-us/2025/04/02/it-takes-two-the-2025-sophos-active-adversary-report/

It takes two: The 2025 Sophos Active Adversary Report

The dawn of our fifth year deepens our understanding of the enemies at the gate, and some tensions inside it; plus, an anniversary gift from us to you

Sophos News
Can anyone recommend the best way to notify Apple and Google about an app that should be taken down due to brand impersonation and fraud?