CISA warns companies to secure credentials amid Oracle Cloud breach claims

The agency is asking organizations to come forward if they detect suspicious activity or other evidence of a compromise.

By David Jones • April 17, 2025

Hertz says personal data breached in connection with Cleo file-transfer flaws

The company is the latest organization to investigate or disclose an incident linked to a monthslong attack spree.

By David Jones • April 15, 2025

Sensata Technologies’ operations disrupted by ransomware attack

The company, which makes sensors for the automotive and aerospace sectors, does not currently expect the attack to have a material impact.

By Rob Wright • April 10, 2025

Treasury Department bank regulator discloses major hack

Attackers gained unauthorized, prolonged access to the Office of the Comptroller of the Currency’s email system, accessing numerous emails containing highly sensitive regulatory data.

By Elizabeth Montalbano, Contributing Reporter • April 9, 2025

WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw

The Michigan-based breakfast cereal company confirmed it used Cleo as a vendor for human resources data.

By David Jones • April 8, 2025

Check Point Software confirms security incident but pushes back on threat actor claims

A malicious hacker recently offered to sell the security firm’s sensitive customer information.

By David Jones • April 2, 2025

Sam’s Club investigating attack claim linked to Clop ransomware

The prolific gang is linked to the exploitation of critical flaws in Cleo file transfer software.

By David Jones • April 1, 2025

Hacker linked to Oracle Cloud intrusion threatens to sell stolen data

Security researchers from Trustwave SpiderLabs provided additional evidence backing up claims of a breach.

By David Jones • March 31, 2025

Cybersecurity firms brace for impact of potential Oracle Cloud breach

As evidence continues to pile up, security providers warn customers to secure networks.

By David Jones • March 28, 2025

Researchers back claim of Oracle Cloud breach despite company’s denials

Security researchers from CloudSEK provided additional evidence supporting a hacker’s claim to have exfiltrated 6 million records.

By David Jones • March 25, 2025

Rubrik discloses server breach, compromise of ‘access information’

The data security and backup vendor said it found no evidence that the stolen data was used by cyber threat actors.

By Rob Wright • March 4, 2025

Employment screening provider data breach affects 3.3M people

The attack is one of several in recent years targeting the employment services industry. 

By Ginger Christ • Feb. 28, 2025

Cisco: Salt Typhoon used new custom malware in telecom attacks

The China-backed hackers used compromised credentials to gain initial access to Cisco devices.

By Rob Wright • Updated Feb. 21, 2025

Tech investment firm Insight Partners discloses data breach

The company holds equity in several major technology companies, including Wiz and Kaseya.

By Rob Wright • Feb. 19, 2025

China-backed hackers continue cyberattacks on telecom companies

Salt Typhoon threat actors compromised Cisco edge devices by exploiting older vulnerabilities.

By Rob Wright • Feb. 13, 2025

HPE issues breach notifications for 2023 Midnight Blizzard attack

Russian state-sponsored hackers compromised the tech giant's Office 365 email environment.

By Rob Wright • Feb. 10, 2025

Ransomware payments fell 35% in 2024

Cyberattacks using ransomware spiked in the second half of the year, but fewer victims paid up.

By Rob Wright • Feb. 5, 2025

Deloitte pays $5M in connection with breach of Rhode Island benefits site

The company agreed to cover expenses related to recovery from the December cyberattack.

By David Jones • Feb. 5, 2025

UnitedHealth hikes number of Change cyberattack breach victims to 190M

The new estimate nearly doubles the company’s previous report of 100 million affected individuals, already the largest healthcare data breach ever reported to federal regulators.

By Emily Olsen • Jan. 27, 2025

PowerSchool data breach brings claims of negligence, poor cyber hygiene

The K-12 software company is facing legal pushback and criticism following a cyberattack that impacted a still unknown number of districts.

By Anna Merod • Jan. 22, 2025

HPE probes hacker claim involving trove of sensitive company data

The vendor said it has no immediate evidence of operational impacts or compromised customer data.

By David Jones • Jan. 21, 2025

Treasury Department issues sanctions linked to cyber intrusions, telecom attacks

The Office of Foreign Assets Control took measures against a state-linked hacker and a Shanghai-based cybersecurity firm in response to the recent attacks against critical infrastructure in the U.S.

By David Jones • Jan. 21, 2025

Cyber disruptions remain top business risk concern in US, globally

A report from Allianz shows the global disruption caused by CrowdStrike’s IT mishap added to longtime concerns about data breaches and ransomware.

By David Jones • Jan. 15, 2025

CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

By David Jones • Jan. 14, 2025

Consumers are becoming apathetic to cyber incidents, research finds

Despite an increase in cyber incidents, breaches had less impact on consumer trust in 2024, a Vercara survey found.

By Kristen Doerer • Jan. 13, 2025