Government payments contractor Conduent confirms cyberattack impacts multiple states

The incident led to delays in processing child support payments in Wisconsin.

Ivanti zero-days chained together in at least 3 attacks, authorities warn

The vendor’s customers have confronted multiple attack sprees targeting zero-days spanning a variety of products.

Trump rescinds Biden executive order in AI regulatory overhaul

The directive, issued in October 2023, added guardrails for AI developers and bolstered guidance for businesses looking to adopt the technology. 

DHS disbands existing advisory board memberships, raising questions about CSRB

The Cyber Safety Review Board was investigating the hacks of U.S. telecom firms attributed to the Salt Typhoon threat group.

Google Cloud links poor credentials to nearly half of all cloud-based attacks

Cloud services with weak credentials were a prime target for attackers, often resulting in lateral movement attempts, a Google Cloud report found.

PowerSchool data breach brings claims of negligence, poor cyber hygiene

The K-12 software company is facing legal pushback and criticism following a cyberattack that impacted a still unknown number of districts.

HPE probes hacker claim involving trove of sensitive company data

The vendor said it has no immediate evidence of operational impacts or compromised customer data.

Treasury Department issues sanctions linked to cyber intrusions, telecom attacks

The Office of Foreign Assets Control took measures against a state-linked hacker and a Shanghai-based cybersecurity firm in response to the recent attacks against critical infrastructure in the U.S.

FCC enacts rule requiring telecom operators to secure networks

The agency’s declaratory ruling took effect Thursday, but the future outlook of that effort and a separate proposed rule remain uncertain under the incoming administration.

Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs

The financially-motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.

Biden administration rolls out wide-reaching cybersecurity executive order

Released in the administration's final days, the highly-anticipated order follows a series of sophisticated attacks against federal agencies and critical infrastructure providers.

CISA clocked Salt Typhoon in federal networks before telecom intrusions

Outgoing CISA Director Jen Easterly didn’t say what agencies were impacted by Salt Typhoon or when, but noted it provided greater visibility into the active campaign.

World Economic Forum spotlights growing gap in cyber readiness

Ransomware remains the top cyber risk concern among executives, but CISOs are almost twice as likely as CEOs to make that determination.

Cyber disruptions remain top business risk concern in US, globally

A report from Allianz shows the global disruption caused by CrowdStrike’s IT mishap added to longtime concerns about data breaches and ransomware.

CISA pins modest security gains to performance goals program

The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.

CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

Ivanti zero-day has researchers scrambling

Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.

Hack of Rhode Island social services platform impacted at least 709K, officials say

State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and restoration efforts are underway.

Consumers are becoming apathetic to cyber incidents, research finds

Despite an increase in cyber incidents, breaches had less impact on consumer trust in 2024, a Vercara survey found.

CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership

Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.

PowerSchool data breach possibly exposed student, staff data

The cloud-based K-12 software provider confirmed a compromised credential was used to access its PowerSource customer support portal.

Cyberattacks, tech disruption rank as top threats to business growth

Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.

Ivanti customers confront new zero-day with suspected nation-state nexus

The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.

4 cybersecurity trends to watch in 2025

Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.

National cyber director calls for deterrence against China-affiliated cyber threats

Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities.