The Latest

  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA pins modest security gains to performance goals program

    The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.

  • Illustrated man with fishing hook stealing key
    Image attribution tooltip
    stefanovsky via Getty Images
    Image attribution tooltip

    CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

    Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

  • Matrix background of blurred programming code.
    Image attribution tooltip
    Getty Plus via Getty Images
    Image attribution tooltip

    Ivanti zero-day has researchers scrambling

    Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.

  • Rhode Island Chief Digital Officer Brian Tardiff and Gov. Dan McKee speak at a Dec. 30 press briefing on the cyberattack against the RIBridges social services database. The officials held a Jan. 10 briefing to notify thousands of recipients that breach notification letters were being mailed out.
    Image attribution tooltip
    Courtesy of Rhode Island
    Image attribution tooltip

    Hack of Rhode Island social services platform impacted at least 709K, officials say

    State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and restoration efforts are underway.

  • A stressed, frustrated woman uses her laptop.
    Image attribution tooltip
    Brothers91 via Getty Images
    Image attribution tooltip

    Consumers are becoming apathetic to cyber incidents, research finds

    Despite an increase in cyber incidents, breaches had less impact on consumer trust in 2024, a Vercara survey found.

  • CISA Director Jen Easterly
    Image attribution tooltip

    Center for Strategic and International Studies

    Image attribution tooltip

    CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership

    Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.

  • A single opened padlock glows red among rows of closed blue padlocks.
    Image attribution tooltip
    JuSun via Getty Images
    Image attribution tooltip

    PowerSchool data breach possibly exposed student, staff data

    The cloud-based K-12 software provider confirmed a compromised credential was used to access its PowerSource customer support portal.

  • Team of hackers dressed in black work on computers in dark room.
    Image attribution tooltip
    gorodenkoff via Getty Images
    Image attribution tooltip

    Cyberattacks, tech disruption rank as top threats to business growth

    Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.

  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    Ivanti customers confront new zero-day with suspected nation-state nexus

    The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.

  • Group of people working in a modern board room with augmented reality interface, all objects in the scene are 3D
    Image attribution tooltip
    piranka via Getty Images
    Image attribution tooltip

    4 cybersecurity trends to watch in 2025

    Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.

  • Harry Coker Jr. speaking before the Foundation for the Defense of Democracies on Jan. 7, 2025.
    Image attribution tooltip
    Permission granted by Foundation for Defense of Democracies
    Image attribution tooltip

    National cyber director calls for deterrence against China-affiliated cyber threats

    Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities.   

  • Anne Neuberger deputy national security advisor for cyber and emerging technologies, speaks at the Billington Cybersecurity Summit with Brad Medairy, EVP, Booz Allen.
    Image attribution tooltip
    Courtesy of Billington CyberSecurity Summit
    Image attribution tooltip

    White House program to certify the security of IoT devices goes live

    The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.

  • A candlestick stock chart is seen out of focus against a background of $100 dollar bills in this composite stock image.
    Image attribution tooltip
    Honglouwawa via Getty Images
    Image attribution tooltip

    Investors narrow scope of cyber funding deals in 2024

    Total funding was up 9% year over year to $9.5 billion. More than half of all dollars raised went to late-stage rounds, Pinpoint Search Group said.

  • CISA, cybersecurity, agency
    Image attribution tooltip
    Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
    Image attribution tooltip

    CISA says hack targeting Treasury Department did not impact other federal agencies

    BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.

  • Telecom network above a city
    Image attribution tooltip
    NicoElNino via Getty Images
    Image attribution tooltip

    AT&T, Verizon say they evicted Salt Typhoon from their networks

    Two of the largest telecom providers in the U.S. said the China-government sponsored threat group is no longer embedded in their networks.

  • FBI Director Chris Wray announces a major operation to disrupt a state-linked botnet, during a speech the Aspen Cyber Summit, Sept. 18, 2024.
    Image attribution tooltip
    Permission granted by Aspen Cyber Summit, Laurence Genon
    Image attribution tooltip

    US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group

    A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.

  • Artificial Intelligence Machine Learning Natural Language Processing Data Technology
    Image attribution tooltip
    Just_Super via Getty Images
    Image attribution tooltip

    What companies need to help secure AI

    Experts say MLOps will bridge the gap between development and operations, creating room for the inclusion of security and privacy practices, too.

  • U.S. Treasury Secretary Janet Yellen testifies before the House Committee on Financial Services
    Image attribution tooltip
    Win McNamee via Getty Images
    Image attribution tooltip

    Censys researchers warn 8,600 BeyondTrust instances still exposed

    As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.

  • whistleblower program, Peirce, Uyeda, confidentiality
    Image attribution tooltip
    hapabapa via Getty Images
    Image attribution tooltip

    SEC cybersecurity enforcement outlook uncertain as Trump 2.0 looms

    With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.

  • Apps for generative AI tools, including ChatGPT, Gemini and Copilot, are pictured on an Apple iPhone on Aug. 22, 2024 in Toronto, Canada.
    Image attribution tooltip
    Kenneth Cheung via Getty Images
    Image attribution tooltip

    Cyber leaders are bullish on generative AI despite risks: report

    Executives say they would overhaul tooling in exchange for better generative AI capabilities, according to a CrowdStrike survey.

  • Providence is the capital and most populous city in Rhode Island. Downtown Providence has numerous 19th-century mercantile buildings in the Federal and Victorian architectural styles.
    Image attribution tooltip
    Denis Tangney Jr./iStock via Getty Images
    Image attribution tooltip

    Hackers leaked data from Rhode Island ransomware attack, officials warn

    A criminal threat group had previously threatened to leak sensitive data from a Deloitte-managed social services database.

  • Statue of Alexander Hamilton.
    Image attribution tooltip
    Chip Somodevilla via Getty Images
    Image attribution tooltip

    Treasury Department says state-linked hacker gained access to unclassified data in major attack

    The compromise of agency workstations is linked to a previously disclosed compromise of certain BeyondTrust customers.

  • 3D digital circular dynamic wave.
    Image attribution tooltip
    Vitalii Pasichnyk/Getty via Getty Images
    Image attribution tooltip

    White House says 9th telecom company hit in Salt Typhoon spree

    A senior official blamed the intrusions on lax security and said in one case the compromise of a single administrator account led to access of over 100,000 routers.

  • Binary code of ones and zeros
    Image attribution tooltip
    deberrar/Getty Images via Getty Images
    Image attribution tooltip

    BeyondTrust customers hit by wave of attacks linked to compromised API key

    The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.

  • A closeup shot of long colorful lines of code on a computer screen.
    Image attribution tooltip
    Wirestock via Getty Images
    Image attribution tooltip

    Researchers warn of active exploitation of critical Apache Struts 2 flaw

    Exploitation activity was observed about a week after the CVE was disclosed.