The Latest
-
Pharmaceutical firm Inotiv investigating ransomware attack that disrupted operations
The company says it doesn’t yet know if the incident will have a material impact.
-
Palo Alto Networks shares surge after company releases strong annual forecast
The cybersecurity firm said its “platformization” strategy is beginning to pay dividends as more large customers consolidate their spending on its offerings.
-
Businesses focus on AI, cloud, despite cyber defense oversights
Recent surveys found enterprises are enthusiastically adopting AI, even as they neglect basic cybersecurity measures.
-
NIST seeks input on control overlays for securing AI systems
The federal agency plans to develop guidance to organizations about various AI use cases.
-
Developers knowingly push vulnerable code, despite growing breach risk
Only three in 10 respondents said their application security programs were highly mature.
-
Cybersecurity ranks among top three risks to manufacturing sector
Most companies are planning major AI investments to address growing threats to OT systems.
-
Water sector expands partnership with volunteer hackers
As threats to critical infrastructure grow and government funding stagnates, operators are turning to civic-minded volunteers from the cybersecurity industry.
-
Trump administration cyber cuts eroding private sector’s trust, confidence
A report by Swimlane shows companies are reducing cybersecurity spending and security teams are experiencing increasing pressure.
Updated Aug. 14, 2025 -
White House urged to revamp cyber regulations
A leading trade group said the Trump administration should rein in a major pending cybersecurity rule as well as embrace AI-based cyber defenses.
-
US agencies, international allies issue guidance on OT asset inventorying
The guidance includes specific examples for three critical infrastructure sectors that held workshops with CISA.
-
Xerox patches critical vulnerability in FreeFlow Core application
Researchers at Horizon3.ai discovered the flaw after flagging unusual behavior in a customer environment.
Updated Aug. 13, 2025 -
CISA, Microsoft update guidance on Exchange Server vulnerability
Officials reiterated their belief that hackers were not exploiting the flaw, but nonetheless urged users to immediately check their systems.
-
Financial impact from severe OT events could top $300B
A report from industrial cybersecurity firm Dragos highlights growing risks of business interruption and supply-chain disruptions.
-
Citrix NetScaler flaws lead to critical infrastructure breaches
Dutch authorities said hackers penetrated several critical infrastructure providers, in a warning sign for vulnerable organizations elsewhere.
Updated Aug. 12, 2025 -
DOJ, international partners take down BlackSuit group’s infrastructure
BlackSuit has been among the most prolific ransomware gangs in recent years, targeting government agencies, critical manufacturing companies and healthcare firms.
-
Research shows AI agents are highly vulnerable to hijacking attacks
Experts from Zenity Labs demonstrated how attackers could exploit widely deployed AI technologies for data theft and manipulation.
-
Cyber experts ponder a non-government future for the CVE program
Organizations supporting the security vulnerability program said it needed changes to improve stability and rebuild trust.
-
DARPA touts value of AI-powered vulnerability detection as it announces competition winners
The U.S. military research agency hopes to foster a new ecosystem of autonomous vulnerability remediation.
-
CISA officials say agency is moving ahead despite workforce purge
Two senior officials defended the agency’s progress amid concerns about the effects of mass layoffs and budget cuts.
-
Financially motivated cluster a key player in ToolShell exploitation
Researchers from Palo Alto Networks detail ransomware deployment and malicious backdoors in a campaign against Microsoft SharePoint users.
-
NSA partnering with cyber firms to support under-resourced defense contractors
The spy agency has sought out creative ways to help protect small companies supplying the U.S. military.
-
SonicWall says recent attack wave involved previously disclosed flaw, not zero-day
The company said it had linked recent hacks to customers’ use of legacy credentials when migrating from Gen 6 to Gen 7 firewalls.
-
CISA, Microsoft warn about new Microsoft Exchange server vulnerability
The flaw could enable a hacker to perform a “total domain compromise” on affected systems, CISA said.
Updated Aug. 7, 2025 -
US still prioritizing zero-trust migration to limit hacks’ damage
The zero-trust initiative, which gained steam during the Biden administration, is still underway.
Updated Aug. 7, 2025 -
CISA’s relationship with industry needs work to reestablish trust, experts say
Critics say budget cuts, job losses have hurt the agency’s ability to coordinate with private industry.