Windows Server Update Service exploitation ensnares at least 50 victims

Researchers say hackers could be gathering intelligence for future attacks, and authorities warn users to apply patches and check for compromise.

By David Jones • Oct. 31, 2025

FCC will vote to scrap telecom cybersecurity requirements

The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.

By Eric Geller • Updated Oct. 31, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

CISA updates guidance and warns security teams on WSUS exploitation

The agency urges users to apply emergency patches from Microsoft to counter a serious threat.

By David Jones • Oct. 30, 2025

AI adoption outpaces corporate governance, security controls

Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails. 

By David Jones • Oct. 29, 2025

Google probes exploitation of critical Windows service CVE

Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant.

By David Jones • Oct. 28, 2025

North Korea led the world in nation-state hacking in Q2 and Q3

Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends.

By Eric Geller • Oct. 24, 2025

AI security flaws afflict half of organizations

EY suggested ways for companies to reduce AI-related hacking risks.

By Eric Geller • Oct. 22, 2025

Gartner: How to prepare for and respond to today’s evolving threat landscape

With the emergence of AI, security operations teams must navigate a fast-moving generation of cyber threats.

By Jeremy D'Hoinne, Distinguished Research VP, Gartner • Oct. 21, 2025

AI-fueled automation helps ransomware-as-a-service groups stand out from the crowd

Ransomware gangs that offer their affiliates customization and automation are growing faster than those that don’t, a new report finds.

By Eric Geller • Oct. 21, 2025

Social engineering gains ground as preferred method of initial access

Senior executives and high-net-worth individuals are increasingly at risk as hackers use deepfakes, voice cloning and other tactics for targeted attacks. 

By David Jones • Updated Oct. 21, 2025

Why security awareness training doesn’t work — and how to fix it

Companies have built their security strategies around phishing simulations and educational webinars, tactics that research shows are ineffective.

By Eric Geller • Oct. 20, 2025

F5 supply chain hack endangers more than 600,000 internet-connected devices

The enterprise device vendor has patched several vulnerabilities that hackers discovered after breaching its networks.

By Eric Geller • Oct. 17, 2025

Many IT leaders click phishing links, and some don’t report them

A new survey shines light on the security practices and AI fears of IT leaders and their subordinates.

By Eric Geller • Oct. 16, 2025

Auto sector faces historic cyber threats to business continuity

A catastrophic cyberattack at Jaguar Land Rover is forcing governments and industrial leaders to address urgent demands for business resilience and accountability.

By David Jones • Oct. 16, 2025

Nation-state hackers breached sensitive F5 systems, stole customer data

The federal government is scrambling to determine if any agencies have been hacked.

By Eric Geller • Oct. 15, 2025

SonicWall SSLVPN devices compromised using valid credentials

More than 100 SonicWall SSLVPN accounts have been impacted, according to Huntress.

By David Jones • Oct. 14, 2025

Salesforce refuses to submit to extortion demands linked to hacking campaigns

The company said it is aware of recent claims, but will not negotiate or pay a ransom.

By David Jones • Oct. 8, 2025

AI fuels social engineering but isn’t yet revolutionizing hacking

AI tools are still too computationally intense for cybercriminals to rely on, according to a new report.

By Eric Geller • Oct. 8, 2025

Businesses fear AI exposes them to more attacks

More than half of companies have already faced AI-powered phishing attacks, a new survey finds.

By Eric Geller • Oct. 7, 2025

Oracle investigating extortion emails targeting E-Business Suite customers

Hackers claiming links to Clop ransomware could be exploiting vulnerabilities disclosed in a July critical patch update.

By David Jones • Oct. 3, 2025

Hackers claiming ties to Clop launch wide extortion campaign targeting corporate executives

The email-based campaign purports to have sensitive data from breached Oracle E-Business Suite applications. 

By David Jones • Oct. 2, 2025

Cisco firewall flaws endanger nearly 50,000 devices worldwide

The U.S., the U.K. and Japan lead the list of the most vulnerable countries.

By Eric Geller • Sept. 30, 2025

Critical infrastructure operators add more insecure industrial equipment online

The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities.

By Eric Geller • Sept. 25, 2025

CISA urges dependency checks following Shai-Hulud compromise

Security teams are urged to review their software environments after a major supply chain attack on the NPM ecosystem.

By David Jones • Sept. 24, 2025

UK authorities arrest man in connection with cyberattack against aviation vendor

The attack against Collins Aerospace led to significant flight disruptions at Heathrow and other major European hubs.

By David Jones • Sept. 24, 2025