Sophos

Mentioned 19 times across 2 podcasts this week

This Week's Pulse

Sophos recently integrated OpenAI's GPT-5.5-Cyber model into its defensive workflows and published its "The State of Identity Security 2026" report, which identified that 71% of organizations suffered an identity-related breach in the last year.

While Sophos is currently pushing forward with AI-driven defenses, its historical struggle with vulnerability management remains a focal point for security researchers. On Darknet Diaries, host Jack Rhysider noted how the firm had to overhaul its patch disclosure strategy because threat actors were weaponizing its transparency, stating, "Sophos discovered that the threat actors, T-STARK and GBigMao, were also accessing Sophos's site, logging in, and reading the knowledge base articles too to see what got patched."

The operational complexity of managing these vulnerabilities is a point of recurring tension. Craig Jones, speaking on Darknet Diaries, recalled the forensic challenges of past incidents, noting, "Volexity reached out to Sophos because they had a customer with Sophos firewalls, and they were called in to do the investigation on the Baja attack."

Looking ahead, the industry is recalibrating expectations for how quickly security vendors must disclose and fix flaws. On Hard Fork, Nikesh Arora argued that the traditional 90-day window for patching is becoming untenable, observing, "I think the 90-day window is gonna shrink, as you have rightly articulated. How much does it shrink? Still up for debate."

Where it's discussed

174: Pacific Rim

Darknet Diaries

Andrew Brandt (neutral), from “Sophos and Cyberoam Security Intrusions”

A UK-based cybersecurity provider that experienced multiple security incidents and acquired Cyberoam.

So my name is Craig Jones. I'm the Chief Security Officer of Ontinue. But several years ago, I was actually the Senior Director of Information Security inside Sophos. I mean, if you don't know Sophos, we're a UK-based cybersecurity provider that has everything

Craig Jones (neutral), from “Sophos Firewall Vulnerabilities and Nation-State Exploitation”

A cybersecurity company whose firewall products were targeted by multiple zero-day exploits.

So this all happened in June. Uh, starting around August, September, uh, Sophos had started to communicate with other companies in the field, uh, some of whom did, uh, forensic analysis, uh, you know, for po- post-attack analysis for their customers, and one o

Jack Rhysider (neutral), from “Sophos vs. Threat Actors: A Cybersecurity Cat-and-Mouse Game”

A cybersecurity company that had to change its patch disclosure strategy to prevent threat actors from reverse-engineering their security fixes.

Now, when Sophos would issue a hotfix or patch their firewalls, they would tell their customer what the update was for, like, "Bug fixes for several security vulnerabilities. To learn more, visit our knowledge base." But Sophos discovered that the threat actor

Jack Rhysider (neutral), from “Sophos Firewall Vulnerability and Asnarok Campaign”

A cybersecurity company whose firewall products were compromised by a SQL injection vulnerability.

Okay, odd. Someone from China with a trial license of the Sophos Firewall found this bug and reported it to Sophos, and Sophos did in fact pay the bug bounty for this.

Jack Rhysider (neutral), from “Sophos Firewall Vulnerability Investigation”

The company whose firewalls were compromised by a sophisticated cyberattack.

I could just imagine the headlines at this point, and just, I, I don't, I don't... My question is did any bad news come out to be like, "Sophos found vulnerable. Tens of thousands of customers impacted. Um, huge vulnerability. Hacker has complete control over

Jack Rhysider (positive), from “Sophos Cybersecurity Incident Response”

A firewall vendor that demonstrated transparency and deployed novel defenses during a sophisticated cyberattack.

Oh man, this is now tugging at me in new ways. If every firewall vendor is getting hit with the same type of attack and Sophos is the only one being transparent about what they're seeing and what they're doing to mitigate this, then yeah, I give them a lot of

Jack Rhysider (neutral), from “Sophos's Controversial Kernel Implant Strategy”

The security company that developed and deployed a kernel implant on devices to monitor threat actors.

Wow, that is wild. This is going to take me a minute to fully grasp. Sophos developed an implant and sneakily put it on one of their customer's devices to essentially spy on them. Is that going too far?

Jack Rhysider (neutral), from “Sophos Firewall Security Breach Analysis”

A security company whose firewalls were targeted by threat actors using stolen source code.

Oh my gosh, I didn't even think of that. So if we back up and look at the way all this has progressed, first they hacked into Cyberoam only to get the source code for Sophos firewalls, which gave them inside information to basically bug hunt. Then they infect

Jack Rhysider (positive), from “Sophos Threat Intelligence and Attribution”

The cybersecurity company whose firewalls were targeted by threat actors and whose team developed proactive defenses.

Yeah, because since Craig had control of the firewall in that guy's lab, he could essentially see all the traffic going through it, which gave him a unique look into this person's life. And with these new insights and closely watching everything that was going

Andrew Brandt (neutral), from “Cybersecurity Investigation into Sophos Firewall Exploits”

The manufacturer of the firewalls being targeted and exploited by threat actors.

Yeah, so, so this one was very much targeted. You know, the first attack was very much a, a, a spray and pray type attack. You know, th- this was specific devices ar- around the kinda Asia Pacific area. I think, you know, like Taiwan, Pakistan, places like, um

Jack Rhysider (neutral), from “Sophos Firewall Hotfix Controversy”

The firewall vendor that issued a remote hotfix to customer devices to address a security vulnerability.

This was the first time Sophos ever issued a hotfix to one of their customers' devices.

Jack Rhysider (positive), from “Sophos and Chinese State-Sponsored Cyberattacks”

A security vendor that was targeted by a Chinese state-sponsored threat actor and worked with the FBI to address the attacks.

message boards trying to get firewall companies to fix their stuff. I can't imagine what happened to turn him, to make him break bad in this way. It actually says in the FBI's Cyber's Most Wanted poster that this guy hacked into 80,000 Sophos firewalls. And ju

Jack Rhysider (neutral), from “The Pacific Rim Campaign Incident Response”

A cybersecurity company whose firewalls were targeted by multiple attack campaigns, leading them to develop specialized response teams.

Within about, I don't know, six to eight weeks after the hotfixes were rolled out, um, the threat actors had figured out what the hotfix did to make it impossible for the Ragnarak attack to work, and they had done a workaround. They had just, you know, bounced

Andrew Brandt (positive), from “The Threat of UEFI Bootkits on Firewalls”

A firewall company that invested heavily in hardening their devices and was transparent about their security findings.

which I actually kind of w- was kind of disappointing in a sense for me because I think, I think very often that this stuff hasn't stopped. I mean, the devices are significantly more secure now. Um, Sophos put, like, an inordinate amount of time, effort, and m

Craig Jones (neutral), from “The Cloud Snooper Cyber Attack”

A cybersecurity company where Andrew Brandt worked as a principal researcher.

Yeah, so I'm Andrew Brandt, and throughout the time that the research was going on for this story, I was a principal researcher for Sophos, but I am now a principal threat researcher for a company called Netcraft.

Jack Rhysider (neutral), from “The Pacific Rim Cyber Espionage Campaign”

A cybersecurity company whose firewalls were discussed in the context of security practices.

You should say, "No, the Sophos firewalls are so good that they'll block those guys. Don't worry."

Jack Rhysider (positive), from “Cybersecurity Investigation into Asnarok and Threat Actors”

Praised for their proactive efforts in implanting monitoring tools to gain insight into hacker activities and develop preemptive fixes.

So this is why Sophos called this particular exploit Asnarok, a combination of the words Asgard and Ragnarok. And all these efforts on their side paid off. The implant gave them incredible insight into how these attackers were developing their exploits and wer

Jack Rhysider (neutral), from “Tracking a Firewall Researcher and Developing a Kernel Implant”

The company whose products and forum system were being investigated by the threat actor.

Okay, interesting. They looked up who registered that trial license, and this gave them an IP address, a username, and an e-mail address. The username was gbigmao. So now you pivot on that name. What other Sophos products has gbigmao downloaded?

A.I. Safety Is So Back + Mythos Mayhem with Nikesh Arora + Hot Mess Express

Hard Fork

Nikesh Arora (neutral), from “AI Vulnerability and Cybersecurity Defense”

Nikesh Arora's company, which recently patched critical vulnerabilities.

Look, I think the, the principle of the 90-day window is to allow the owners of the product or the piece of software or piece of code to have enough time to investigate, to fix it, and make sure their customers are secured. I think the 90-day window is gonna s