Microsoft warns 3K exposed ASP.NET machine keys at risk of weaponization

An unknown threat actor recently used an exposed key for code injection cyberattacks. 

By Rob Wright • Feb. 7, 2025

Suspected botnet targets edge devices using brute force attacks

Researchers warn of a surge in attempted logins targeting devices from SonicWall, Palo Alto Networks and others.

By David Jones • Feb. 7, 2025

Explore the Trendline➔

Risk Management

Now, public companies have to detail their cybersecurity risk management in annual filings, raising awareness on what many cyber experts already knew — security issues are business issues. 

By Cybersecurity Dive staff

Hackers deployed web shells, exploited public-facing applications in Q4

A Cisco Talos report also indicated a sharp increase in remote access tools being leveraged in ransomware. 

By David Jones • Feb. 6, 2025

State-linked hackers deploy macOS malware in fake job interview campaign

Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret.

By Robert Wright, Contributing Reporter • Feb. 4, 2025

HPE probes hacker claim involving trove of sensitive company data

The vendor said it has no immediate evidence of operational impacts or compromised customer data.

By David Jones • Jan. 21, 2025

Treasury Department issues sanctions linked to cyber intrusions, telecom attacks

The Office of Foreign Assets Control took measures against a state-linked hacker and a Shanghai-based cybersecurity firm in response to the recent attacks against critical infrastructure in the U.S.

By David Jones • Jan. 21, 2025

Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs

The financially-motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.

By David Jones • Jan. 17, 2025

Cyberattacks, tech disruption rank as top threats to business growth

Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.

By Alexei Alexis • Jan. 10, 2025

US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group

A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.

By David Jones • Jan. 6, 2025

Rhode Island officials warn residents as ransomware group threatens social services data leak

The personal data of hundreds of thousands of vulnerable residents is at risk after a threat group attacked a state social services database.

By David Jones • Dec. 18, 2024

Frontline workforce tech predictions for 2025: A new era of efficiency and security

2025 Predictions: Boosting frontline efficiency with passwordless tech and identity and access management innovations

By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber • Dec. 9, 2024

FBI, CISA warn of heightened risk of BEC attacks during holiday season

Authorities encouraged prompt reporting, which can help recover stolen payments.

By David Jones • Nov. 27, 2024

Countering multidimensional threats: lessons learned from the 2024 election

In 2024, election officials and law enforcement shared intelligence closely to counter complex threats.

Nov. 18, 2024

The company you keep: your most trusted vendor could be your biggest security risk

Your trusted vendor might be your biggest security risk. Learn how to mitigate third-party threats.

By Joel Burleson-Davis, SVP Worldwide Engineering, Cyber, Imprivata • Nov. 11, 2024

AI increases fraud risk, fintechs say

Financial firms monitor for fraud by looking for unusual activity, but an artificial intelligence model can be trained to transact like a real person.

By Patrick Cooley • Nov. 5, 2024

Enterprise executives cite AI-assisted attacks as top emerging risk, Gartner finds

The analyst firm’s survey underscores growing concern about potential, yet unrealized, scenarios involving AI’s potential role in attacks.

By Matt Kapko • Nov. 4, 2024

Iran-linked attackers hit critical infrastructure with brute force

CISA and the FBI warn healthcare, government, IT and other sectors of password spraying and multifactor authentication push bombing.

By Matt Kapko • Oct. 17, 2024

State CISOs up against a growing threat environment with minimal funding, report finds

A report by Deloitte and NASCIO warns that states do not have the resources necessary to fight state-backed and criminal threat groups.

By David Jones • Oct. 2, 2024

Phishing remains cloud intrusion tactic of choice for threat groups

The long-lasting effectiveness and success of phishing campaigns underscores the most central challenge in cybersecurity — people are the weakest link.

By Matt Kapko • Oct. 2, 2024

CISA again raises alarm on hacktivist threat to water utilities

The alert comes just days after an attack against a water treatment facility in Kansas.

By David Jones • Sept. 26, 2024

Data privacy concerns swirl around generative AI adoption

IT and business professionals fear the technology's adoption can lead to data leakage, according to a Deloitte report.

By Roberto Torres • Sept. 25, 2024

Dark web exposure is ‘highly correlated’ with cyberattack risk

Organizations that are mentioned in dark web market listings are more than twice as likely to experience an attack, Marsh McLennan found.

By Alexei Alexis • Sept. 24, 2024

Cybersecurity firm flags attack on construction accounting system

Users of Foundation Software, which serves 43,000 construction pros, may be at risk of intrusion if they still use default credentials, according to cybersecurity firm Huntress.

By Matthew Thibault • Sept. 20, 2024

Port of Seattle official flags a cyber dilemma, ‘one-way street’ with federal agencies

A ransomware atttack disrupted the Seattle-Tacoma International Airport for weeks. Part of the problem, one official said, is that federal cyber recommendations are not timely.

By Matt Kapko • Sept. 19, 2024

Open source maintainers, under security pressure, remain largely unpaid after XZ Utils

A report by Tidelift shows an equity gap remains between open source developers and well-resourced software users who are pushing for higher security standards.

By David Jones • Sept. 17, 2024