Cisco: Salt Typhoon used new custom malware in telecom attacks

The China-backed hackers used compromised credentials to gain initial access to Cisco devices.

By Rob Wright • Updated Feb. 21, 2025

Tech investment firm Insight Partners discloses data breach

The company holds equity in several major technology companies, including Wiz and Kaseya.

By Rob Wright • Feb. 19, 2025

Explore the Trendline➔

Securing the cloud

A host of new technologies and a spate of incidents at top providers means businesses have even more cloud security conundrums to consider. 

By Cybersecurity Dive staff

China-backed hackers continue cyberattacks on telecom companies

Salt Typhoon threat actors compromised Cisco edge devices by exploiting older vulnerabilities.

By Rob Wright • Feb. 13, 2025

HPE issues breach notifications for 2023 Midnight Blizzard attack

Russian state-sponsored hackers compromised the tech giant's Office 365 email environment.

By Rob Wright • Feb. 10, 2025

Ransomware payments fell 35% in 2024

Cyberattacks using ransomware spiked in the second half of the year, but fewer victims paid up.

By Rob Wright • Feb. 5, 2025

Deloitte pays $5M in connection with breach of Rhode Island benefits site

The company agreed to cover expenses related to recovery from the December cyberattack.

By David Jones • Feb. 5, 2025

UnitedHealth hikes number of Change cyberattack breach victims to 190M

The new estimate nearly doubles the company’s previous report of 100 million affected individuals, already the largest healthcare data breach ever reported to federal regulators.

By Emily Olsen • Jan. 27, 2025

PowerSchool data breach brings claims of negligence, poor cyber hygiene

The K-12 software company is facing legal pushback and criticism following a cyberattack that impacted a still unknown number of districts.

By Anna Merod • Jan. 22, 2025

HPE probes hacker claim involving trove of sensitive company data

The vendor said it has no immediate evidence of operational impacts or compromised customer data.

By David Jones • Jan. 21, 2025

Treasury Department issues sanctions linked to cyber intrusions, telecom attacks

The Office of Foreign Assets Control took measures against a state-linked hacker and a Shanghai-based cybersecurity firm in response to the recent attacks against critical infrastructure in the U.S.

By David Jones • Jan. 21, 2025

Cyber disruptions remain top business risk concern in US, globally

A report from Allianz shows the global disruption caused by CrowdStrike’s IT mishap added to longtime concerns about data breaches and ransomware.

By David Jones • Jan. 15, 2025

CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

By David Jones • Jan. 14, 2025

Consumers are becoming apathetic to cyber incidents, research finds

Despite an increase in cyber incidents, breaches had less impact on consumer trust in 2024, a Vercara survey found.

By Kristen Doerer • Jan. 13, 2025

Hack of Rhode Island social services platform impacted at least 709K, officials say

State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and restoration efforts are underway.

By David Jones • Jan. 10, 2025

Cyberattacks, tech disruption rank as top threats to business growth

Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.

By Alexei Alexis • Jan. 10, 2025

PowerSchool data breach possibly exposed student, staff data

The cloud-based K-12 software provider confirmed a compromised credential was used to access its PowerSource customer support portal.

By Anna Merod • Jan. 10, 2025

Censys researchers warn 8,600 BeyondTrust instances still exposed

As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.

By David Jones • Jan. 3, 2025

Hackers leaked data from Rhode Island ransomware attack, officials warn

A criminal threat group had previously threatened to leak sensitive data from a Deloitte-managed social services database.

By David Jones • Jan. 2, 2025

Treasury Department says state-linked hacker gained access to unclassified data in major attack

The compromise of agency workstations is linked to a previously disclosed compromise of certain BeyondTrust customers.

By David Jones • Dec. 31, 2024

Ascension cyberattack exposes data from 5.6M people

The breach is the third largest reported to a portal managed by federal regulators this year.

By Emily Olsen • Dec. 20, 2024

Rhode Island officials warn residents as ransomware group threatens social services data leak

The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.

By David Jones • Dec. 18, 2024

US subsidiary of global water treatment firm probes November cyberattack after data encrypted

Kurita America, a subsidiary of a Tokyo-based company, is the latest in a string of companies tied to the water industry targeted by hackers.

By David Jones • Dec. 10, 2024

Blue Yonder investigating data leak claim following ransomware attack

The software supply chain company is widening its investigation after Termite ransomware leaked data it claims is linked to the attack.

By David Jones • Dec. 9, 2024

Morrisons recovers warehouse systems following attack on Blue Yonder

The U.K. supermarket chain was one of several high-profile customers impacted by a ransomware attack against the supply chain management software provider.

By David Jones • Dec. 6, 2024

New York fines Geico, Travelers $11.3M for pandemic-era breaches

The auto insurance companies were penalized for a series of attacks that exposed the personal data of 120,000 people in late 2020 and early 2021.

By Matt Kapko • Nov. 26, 2024