Phishing campaign targets Microsoft device-code authentication flows

Russian state-sponsored hackers have attacked enterprises and government agencies in North America and overseas.

By Rob Wright • Feb. 18, 2025

China-backed hackers continue cyberattacks on telecom companies

Salt Typhoon threat actors compromised Cisco edge devices by exploiting older vulnerabilities.

By Rob Wright • Feb. 13, 2025

Ransomware gangs shifting tactics to evade enterprise defenses

Threat actors adapted to improved threat detection, law enforcement actions, new Huntress research finds.

By Rob Wright • Feb. 12, 2025

Lee Enterprises investigating cyberattack that disrupted operations across multiple news outlets

The company, a major U.S. newspaper chain, has been working with forensic specialists to fully restore services and determine the cause.

By David Jones • Feb. 11, 2025

VeraCore zero-day vulnerabilities exploited in supply chain attacks

Cybercriminals maintained access to one victim organization for more than four years.

By Rob Wright • Feb. 11, 2025

CISA warns of hackers targeting vulnerability in Trimble Cityworks to conduct RCE

The software is widely used in projects by local governments, utilities, airports and other facilities.

By David Jones • Feb. 10, 2025

HPE issues breach notifications for 2023 Midnight Blizzard attack

Russian state-sponsored hackers compromised the tech giant's Office 365 email environment.

By Rob Wright • Feb. 10, 2025

Suspected botnet targets edge devices using brute force attacks

Researchers warn of a surge in attempted logins targeting devices from SonicWall, Palo Alto Networks and others.

By David Jones • Feb. 7, 2025

Hackers deployed web shells, exploited public-facing applications in Q4

A Cisco Talos report also indicated a sharp increase in remote access tools being leveraged in ransomware. 

By David Jones • Feb. 6, 2025

DeepSeek surge hits companies, posing security risks

The Trump administration is scrutinizing the AI app, Italy and Taiwan have banned it, and companies have blocked it.

By Alexei Alexis • Feb. 5, 2025

Ransomware payments fell 35% in 2024

Cyberattacks using ransomware spiked in the second half of the year, but fewer victims paid up.

By Rob Wright • Feb. 5, 2025

Deloitte pays $5M in connection with breach of Rhode Island benefits site

The company agreed to cover expenses related to recovery from the December cyberattack.

By David Jones • Feb. 5, 2025

State-linked hackers deploy macOS malware in fake job interview campaign

Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret.

By Robert Wright, Contributing Reporter • Feb. 4, 2025

SonicWall SMA 1000 series appliances left exposed on the internet

The company last week confirmed attackers are actively exploiting a critical vulnerability in the devices. 

By David Jones • Jan. 28, 2025

Network security tool defects are endemic, eroding enterprise defense

When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it’s not the vendors that get hit — it’s their customers.

By Matt Kapko • Jan. 28, 2025

Procter & Gamble operations unhindered by Blue Yonder disruption

The consumer goods company built an in-house solution to keep orders moving as its transportation management system provider navigated a ransomware attack.

By Kelly Stroh • Jan. 28, 2025

UnitedHealth hikes number of Change cyberattack breach victims to 190M

The new estimate nearly doubles the company’s previous report of 100 million affected individuals, already the largest healthcare data breach ever reported to federal regulators.

By Emily Olsen • Jan. 27, 2025

BeyondTrust says 17 customers impacted by December cyberattack spree

State-linked hackers were linked to a series of attacks that led to the theft of unclassified data from the Treasury Department.

By David Jones • Jan. 24, 2025

Attackers lodge backdoors into Ivanti Connect Secure devices

Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.

By Matt Kapko • Jan. 24, 2025

Ivanti zero-days chained together in at least 3 attacks, authorities warn

The vendor’s customers have confronted multiple attack sprees targeting zero-days spanning a variety of products.

By Matt Kapko • Jan. 23, 2025

Government payments contractor Conduent confirms cyberattack impacts multiple states

The incident led to delays in processing child support payments in Wisconsin.

By David Jones • Jan. 23, 2025

Google Cloud links poor credentials to nearly half of all cloud-based attacks

Cloud services with weak credentials were a prime target for attackers, often resulting in lateral movement attempts, a Google Cloud report found.

By Matt Kapko • Jan. 22, 2025

PowerSchool data breach brings claims of negligence, poor cyber hygiene

The K-12 software company is facing legal pushback and criticism following a cyberattack that impacted a still unknown number of districts.

By Anna Merod • Jan. 22, 2025

CISA clocked Salt Typhoon in federal networks before telecom intrusions

Outgoing CISA Director Jen Easterly didn’t say what agencies were impacted by Salt Typhoon or when, but noted it provided greater visibility into the active campaign.

By Matt Kapko • Jan. 16, 2025

Ivanti zero-day has researchers scrambling

Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.

By Matt Kapko • Jan. 13, 2025