US, allies warn China-linked actors still targeting critical infrastructure

An advisory from 13 countries says state-backed hackers continue trying to breach telecommunications systems and other vital networks.

By Eric Geller • Aug. 27, 2025

Hackers steal data from Salesforce instances in widespread campaign

Google researchers say the hackers abused a third-party tool in an attack spree designed to harvest credentials.

By David Jones • Updated Aug. 29, 2025

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

tk

By Cybersecurity Dive staff

Execs worry about unknown identity-security weaknesses

Credential theft attacks prove that companies need to do better, but business leaders cited many reasons for slow progress.

By Eric Geller • Aug. 26, 2025

China-nexus hacker Silk Typhoon targeting cloud environments

The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say.

By David Jones • Aug. 22, 2025

US charges Oregon man in vast botnet-for-hire operation

Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history.

By David Jones • Aug. 21, 2025

Businesses focus on AI, cloud, despite cyber defense oversights

Recent surveys found enterprises are enthusiastically adopting AI, even as they neglect basic cybersecurity measures.

By Eric Geller • Aug. 19, 2025

Water sector expands partnership with volunteer hackers

As threats to critical infrastructure grow and government funding stagnates, operators are turning to civic-minded volunteers from the cybersecurity industry.

By Eric Geller • Aug. 14, 2025

DOJ, international partners take down BlackSuit group’s infrastructure

BlackSuit has been among the most prolific ransomware gangs in recent years, targeting government agencies, critical manufacturing companies and healthcare firms.

By David Jones • Aug. 11, 2025

DARPA touts value of AI-powered vulnerability detection as it announces competition winners

The U.S. military research agency hopes to foster a new ecosystem of autonomous vulnerability remediation.

By Eric Geller • Aug. 8, 2025

Financially motivated cluster a key player in ToolShell exploitation

Researchers from Palo Alto Networks detail ransomware deployment and malicious backdoors in a campaign against Microsoft SharePoint users.

By David Jones • Aug. 8, 2025

CISA officials say agency is moving ahead despite workforce purge

Two senior officials defended the agency’s progress amid concerns about the effects of mass layoffs and budget cuts.

By Eric Geller • Aug. 8, 2025

NSA partnering with cyber firms to support under-resourced defense contractors

The spy agency has sought out creative ways to help protect small companies supplying the U.S. military.

By Eric Geller • Aug. 7, 2025

SonicWall says recent attack wave involved previously disclosed flaw, not zero-day

The company said it had linked recent hacks to customers’ use of legacy credentials when migrating from Gen 6 to Gen 7 firewalls.

By David Jones • Aug. 7, 2025

US still prioritizing zero-trust migration to limit hacks’ damage

The zero-trust initiative, which gained steam during the Biden administration, is still underway.

By Eric Geller • Updated Aug. 7, 2025

SonicWall investigating possible zero-day related to firewall attacks

Researchers recently warned about a surge in Akira ransomware attacks linked to a potential SonicWall vulnerability.

By David Jones • Aug. 5, 2025

AI is helping hackers automate and customize cyberattacks

CrowdStrike’s annual cyber-threat-hunting report reveals the double threat that AI poses to many businesses.

By Eric Geller • Aug. 4, 2025

Palo Alto Networks investigating ransomware threat related to SharePoint exploitation

Researchers said an unidentified hacker demanded a ransom after an intrusion linked to the SharePoint flaw.  

By David Jones • Aug. 1, 2025

Ransomware gangs capitalize on law enforcement takedowns of competitors

After authorities dismantled LockBit and RansomHub, other groups rushed in to snatch up their affiliates, according to a new report that highlights a cybercrime ecosystem in flux.

By Eric Geller • July 31, 2025

Industry groups urge vigilance as Scattered Spider evolves tactics

Information-sharing organizations warned their members that Scattered Spider continues to pose a major threat.

By David Jones • July 31, 2025

What we know about the cybercrime group Scattered Spider

The notorious hacker collective has attracted the attention of government authorities in several nations around the globe. 

By David Jones • July 30, 2025

‘Shadow AI’ increases cost of data breaches, report finds

Companies are failing to protect their AI tools from compromise, often leading to more extensive data breaches, according to new data from IBM.

By Eric Geller • July 30, 2025

FBI, CISA warn about Scattered Spider’s evolving tactics

International authorities are pursuing the group following the arrests of four suspects in a series of attacks targeting British retailers.

By David Jones • July 29, 2025

Ransomware attacks against oil and gas firms surge

Manufacturing remains the No. 1 ransomware target, new data from Zscaler shows.

By Eric Geller • July 29, 2025

Research shows LLMs can conduct sophisticated attacks without humans

The project, launched by Carnegie Mellon in collaboration with Anthropic, simulated the 2017 Equifax data breach.

By David Jones • July 28, 2025

Emerging cybersecurity needs: What the market is telling us

Default-deny, strict controls, and real-time monitoring: how to stop threats before they start.

By Yuriy Tsibere, Product Manager and Business Analyst, ThreatLocker • July 28, 2025