The US Securities and Exchange Commission (SEC) has imposed fines on four companies, namely Unisys, Avaya Holdings Corp., Check Point and Mimecast, over their handling of the 2020 SolarWinds breach. Unisys was fined $4m for misleading disclosures and control violations, while the others were fined close to $1m each for vague or incomplete information about the breach’s impact on their operations. The SEC’s move aims to discourage similar “half-truth” communications in future cybersecurity incidents.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is