1064 articles by David Jones

• Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw

  July 11, 2025

• Ingram Micro restores global operations following hack

  July 10, 2025

• UK authorities arrest 4 people in probe of retail cyberattack spree

  July 10, 2025

• M&S chairman calls for mandatory disclosure of material cyberattacks

  July 9, 2025

• Qantas says cyberattack affected 5.7 million customers

  July 9, 2025

• Suspected contractor for China’s Hafnium group arrested in Italy

  July 8, 2025

• Scattered Spider poses serious risk to several hundred major companies

  July 8, 2025

• Ingram Micro makes progress on restoring operations following attack

  July 8, 2025

• Ingram Micro investigating ransomware attack

  July 7, 2025

• Qantas says large amount of customer data stolen in cyberattack on call center

  July 2, 2025

• Scattered Spider appears to pivot toward aviation sector

  June 27, 2025

• Hackers exploiting critical Citrix Netscaler flaw, researchers say

  June 27, 2025

• Microsoft to make Windows more resilient following 2024 IT outage

  June 26, 2025

• Critical vulnerability in Citrix Netscaler raises specter of exploitation wave

  June 25, 2025

• Federal officials, critical infrastructure leaders remain on guard for Iran-linked hacks

  June 24, 2025

• Steelmaker Nucor restores operations, confirms limited data breach

  June 23, 2025

• DHS warns of heightened cyber threat as US enters Iran conflict

  June 23, 2025

• Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry

  June 20, 2025

• Researchers urge vigilance as Veeam releases patch to address critical flaw

  June 18, 2025

• Critical Zyxel vulnerability under active exploitation after long period of quiet

  June 17, 2025

• Threat group linked to UK, US retail attacks now targeting insurance industry

  June 16, 2025

• US critical infrastructure could become casualty of Iran-Israel conflict

  June 16, 2025

• Software vulnerabilities pile up at government agencies, research finds

  June 12, 2025

• Critical flaw in Microsoft Copilot could have allowed zero-click attack

  June 11, 2025

• Marks & Spencer restores some online-order operations following cyberattack

  June 10, 2025

• Scattered Spider targeting MSPs, IT vendors in social engineering campaigns

  June 9, 2025

• Corporate executives face mounting digital threats as AI drives impersonation

  June 6, 2025

• Water utilities mitigate equipment flaws after researchers find widespread exposures

  June 5, 2025

• FBI, CISA warn Play ransomware targeting critical infrastructure with evolving techniques

  June 5, 2025

• Hackers abuse malicious version of Salesforce tool for data theft, extortion

  June 4, 2025

• Victoria’s Secret postponing release of report earnings amid breach impact

  June 3, 2025

• Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy

  June 2, 2025

• SentinelOne analysis links service disruption to software flaw

  June 2, 2025

• ConnectWise warns of threat activity linked to suspected nation-state hackers

  May 30, 2025

• Outage disrupts some SentinelOne services

  May 29, 2025

• Thousands of ASUS routers compromised in sophisticated hacking campaign

  May 29, 2025

• Zscaler enters agreement to buy Red Canary

  May 28, 2025

• Masimo says cyberattack will not prevent it from fulfilling orders

  May 27, 2025

• US authorities charge 16 in operation to disrupt DanaBot malware

  May 27, 2025

• Palo Alto Networks beats earnings estimates amid consolidation, AI concerns

  May 22, 2025

• Microsoft leads international takedown of Lumma Stealer

  May 21, 2025

• M&S warns April cyberattack will cut $400 million from profits

  May 21, 2025

• Researchers warn of China-backed espionage campaign targeting laid-off US workers

  May 20, 2025

• Ivanti Endpoint Mobile Manager customers exploited via chained vulnerabilities

  May 19, 2025

• FBI warns senior US officials are being impersonated using texts, AI-based voice cloning

  May 16, 2025

• Researchers warn threat actors in UK retail attacks are targeting US sector

  May 15, 2025

• Steelmaker Nucor discloses cyberattack on IT network

  May 14, 2025

• UK retailer Co-op restoring systems following major cyberattack

  May 14, 2025

• M&S says hackers gained access to customer data in April cyberattack

  May 13, 2025

• Lee Enterprises spent $2M for ransomware recovery

  May 12, 2025

• SAP NetWeaver exploitation enters second wave of threat activity

  May 9, 2025

• CISA, FBI warn of ‘unsophisticated’ hackers targeting industrial systems

  May 8, 2025

• CrowdStrike to cut 500 jobs in plan to scale business

  May 7, 2025

• Masimo says cyberattack has impacted its ability to fulfill orders

  May 7, 2025

• Airlines in North America prioritize investments in cyber, AI

  May 6, 2025

• UK authorities warn of retail-sector risks following cyberattack spree

  May 5, 2025

• Salt Typhoon telecom hacks one of the most consequential campaigns against US ever, expert says

  May 1, 2025

• DHS secretary vows to refocus CISA, saying it strayed from mission

  April 30, 2025

• Critical vulnerability in SAP NetWeaver Visual Composer leads to confirmed compromises

  April 29, 2025

• JPMorgan Chase CISO warns software industry on supply chain security

  April 28, 2025

• Critical vulnerability in SAP NetWeaver under threat of active exploitation

  April 25, 2025

• Threat groups exploit resurgent vulnerabilities

  April 24, 2025

• Financial gain still drives majority of cyber threat activity

  April 23, 2025

• Conduent warns January breach impacted a ‘significant’ number of people

  April 22, 2025

• Researchers warn of critical flaw found in Erlang OTP SSH

  April 21, 2025

• Microsoft strengthens in-house cyber governance, training

  April 21, 2025

• Lemonade says applicant driver’s license numbers exposed

  April 18, 2025

• Ahold Delhaize confirms data stolen after threat group claims credit for November attack

  April 17, 2025

• CISA warns companies to secure credentials amid Oracle Cloud breach claims

  April 17, 2025

• Mitre CVE program regains funding as renewal deal reached

  April 16, 2025

• CISA launches new wave of job cuts

  April 16, 2025

• Hertz says personal data breached in connection with Cleo file-transfer flaws

  April 15, 2025

• Aviation sector faces heightened cyber risks due to vulnerable software, aging tech

  April 14, 2025

• Remote access tools most frequently targeted as ransomware entry points

  April 11, 2025

• Plankey nomination at CISA placed on hold after Wyden pushes for telecom report

  April 10, 2025

• Windows CLFS zero-day exploited in ransomware attacks

  April 9, 2025

• WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw

  April 8, 2025

• Trump administration under scrutiny as it puts major round of CISA cuts on the table

  April 7, 2025

• CISA, FBI warn of fast flux technique used to hide malicious servers

  April 4, 2025

• House members press Commerce Secretary Lutnick on DOGE-related job cuts at NIST

  April 3, 2025

• Check Point Software confirms security incident but pushes back on threat actor claims

  April 2, 2025

• Sam’s Club investigating attack claim linked to Clop ransomware

  April 1, 2025

• Hacker linked to Oracle Cloud intrusion threatens to sell stolen data

  March 31, 2025

• Cybersecurity firms brace for impact of potential Oracle Cloud breach

  March 28, 2025

• Threat actor in Oracle Cloud breach may have gained access to production environments

  March 27, 2025

• DrayTek routers face active exploitation of older vulnerabilities

  March 26, 2025

• Researchers back claim of Oracle Cloud breach despite company’s denials

  March 25, 2025

• FCC investigating China-linked companies over evasion of US national security measures

  March 24, 2025

• Coinbase originally targeted during GitHub Action supply chain attack

  March 21, 2025

• GitHub Action compromise linked to previously undisclosed attack

  March 20, 2025

• Google acquisition of Wiz driven by enterprise embrace of multicloud

  March 19, 2025

• CISA urges fired probationary workers to respond after federal judge grants order

  March 18, 2025

• Supply chain attack against GitHub Action triggers massive exposure of secrets

  March 17, 2025

• SuperBlack ransomware used to exploit Fortinet vulnerabilities

  March 14, 2025

• FCC launches national security unit to counter state-linked threats to US telecoms

  March 13, 2025

• Juniper MX routers targeted by China-nexus threat group using custom backdoors

  March 12, 2025

• Trump nominates Plankey to lead CISA

  March 11, 2025

• Majority of ransomware claims involved compromise of perimeter security devices

  March 11, 2025

• Former NSA cyber director warns drastic job cuts threaten national security

  March 10, 2025

• Eleven11bot estimates revised downward as researchers point to Mirai variant

  March 7, 2025

• CrowdStrike shares fall as company forecasts lower-than-expected results

  March 5, 2025

• More than 86K IoT devices compromised by fast-growing Eleven11 botnet

  March 4, 2025

• Lee Enterprises investigating ransomware claim, data leak threat

  March 3, 2025

• Massive Iran-linked botnet launches DDoS attacks against telecom, gaming platforms

  March 3, 2025

• Critical infrastructure at state, local levels at heightened risk of cyberattacks

  Feb. 28, 2025

• CISA taps Karen Evans as executive assistant director for cybersecurity

  Feb. 27, 2025

• State-linked threat groups collaborating with hacktivists, other actors to target infrastructure

  Feb. 26, 2025

• More than 400 SonicWall firewall instances remain vulnerable to attack

  Feb. 25, 2025

• Palo Alto Networks warns hackers attempting to exploit a file read flaw in firewalls

  Feb. 24, 2025

• CrowdStrike CSO Shawn Henry to retire by end of March

  Feb. 21, 2025

• SEC revamps cyber and crypto enforcement unit under Trump administration

  Feb. 21, 2025

• US authorities warn Ghost ransomware leverages older CVEs

  Feb. 20, 2025

• SonicWall authentication flaw under threat of active exploitation

  Feb. 19, 2025

• Lee Enterprises says cyberattack will likely have material impact

  Feb. 18, 2025

• Palo Alto Networks warns firewall vulnerability is under active exploitation

  Feb. 18, 2025

• FBI, CISA warn hackers abusing buffer overflow CVEs to launch attacks

  Feb. 13, 2025

• Trump to nominate Sean Cairncross as national cyber director

  Feb. 12, 2025

• Lee Enterprises investigating cyberattack that disrupted operations across multiple news outlets

  Feb. 11, 2025

• CISA warns of hackers targeting vulnerability in Trimble Cityworks to conduct RCE

  Feb. 10, 2025

• Private equity firm to acquire SolarWinds for $4.4B

  Feb. 7, 2025

• Suspected botnet targets edge devices using brute force attacks

  Feb. 7, 2025

• Hackers deployed web shells, exploited public-facing applications in Q4

  Feb. 6, 2025

• Deloitte pays $5M in connection with breach of Rhode Island benefits site

  Feb. 5, 2025

• Exploitation of vulnerability in Zyxel CPE targets legacy routers

  Feb. 4, 2025

• Sophos completes $859M acquisition of Secureworks

  Feb. 3, 2025

• Security tool consolidation boosts efficiency, threat mitigation

  Jan. 31, 2025

• CISO stature gains traction as global cyber risk escalates

  Jan. 30, 2025

• Attackers exploit zero-day vulnerability in Zyxel CPE devices

  Jan. 29, 2025

• SonicWall SMA 1000 series appliances left exposed on the internet

  Jan. 28, 2025

• SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances

  Jan. 27, 2025

• BeyondTrust says 17 customers impacted by December cyberattack spree

  Jan. 24, 2025

• Government payments contractor Conduent confirms cyberattack impacts multiple states

  Jan. 23, 2025

• DHS disbands existing advisory board memberships, raising questions about CSRB

  Jan. 22, 2025

• HPE probes hacker claim involving trove of sensitive company data

  Jan. 21, 2025

• Treasury Department issues sanctions linked to cyber intrusions, telecom attacks

  Jan. 21, 2025

• Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs

  Jan. 17, 2025

• Biden administration rolls out wide-reaching cybersecurity executive order

  Jan. 16, 2025

• Cyber disruptions remain top business risk concern in US, globally

  Jan. 15, 2025

• CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

  Jan. 14, 2025

• Hack of Rhode Island social services platform impacted at least 709K, officials say

  Jan. 10, 2025

• CISA director reiterates prior calls for C-suites, boards to take cyber risk ownership

  Jan. 10, 2025

• 4 cybersecurity trends to watch in 2025

  Jan. 9, 2025

• National cyber director calls for deterrence against China-affiliated cyber threats

  Jan. 9, 2025

• White House program to certify the security of IoT devices goes live

  Jan. 8, 2025

• CISA says hack targeting Treasury Department did not impact other federal agencies

  Jan. 7, 2025

• US Treasury office sanctions firm connected to state-sponsored Flax Typhoon threat group

  Jan. 6, 2025

• Censys researchers warn 8,600 BeyondTrust instances still exposed

  Jan. 3, 2025

• Hackers leaked data from Rhode Island ransomware attack, officials warn

  Jan. 2, 2025

• Treasury Department says state-linked hacker gained access to unclassified data in major attack

  Dec. 31, 2024

• Researchers warn of active exploitation of critical Apache Struts 2 flaw

  Dec. 20, 2024

• Mandiant traces Cleo file-transfer exploits back to October

  Dec. 19, 2024

• Rhode Island officials warn residents as ransomware group threatens social services data leak

  Dec. 18, 2024

• Pennsylvania representative pitches bill to double cyber assistance for local water systems

  Dec. 17, 2024

• Cleo releases CVE for actively exploited flaw in file-transfer software

  Dec. 16, 2024

• Security community raises concern as Cleo file-transfer CVE delayed

  Dec. 13, 2024

• Cleo releases new patch as threat groups ramp up exploitation of critical CVE

  Dec. 12, 2024

• Blue Yonder helps restore operations for majority of impacted customers

  Dec. 12, 2024

• Critical flaw in Cleo file-transfer software is under mass exploitation

  Dec. 10, 2024

• US subsidiary of global water treatment firm probes November cyberattack after data encrypted

  Dec. 10, 2024

• Blue Yonder investigating data leak claim following ransomware attack

  Dec. 9, 2024

• Morrisons recovers warehouse systems following attack on Blue Yonder

  Dec. 6, 2024

• CISA, German cyber authorities warn Zyxel firewalls facing active exploitation

  Dec. 4, 2024

• UK cyber chief warns country is at an inflection point as digital threats rise

  Dec. 3, 2024

• Blue Yonder moves closer to full recovery after November ransomware attack

  Dec. 2, 2024

• FBI, CISA warn of heightened risk of BEC attacks during holiday season

  Nov. 27, 2024

• Starbucks confirms Blue Yonder attack impacted employee scheduling platform

  Nov. 26, 2024

• As holiday season begins, US braces for looming risk of cyberattacks

  Nov. 26, 2024

• Ransomware hits supply chain software firm Blue Yonder ahead of Thanksgiving

  Nov. 25, 2024

• Corporate security teams want specialty cyber roles as regulatory pressure grows

  Nov. 22, 2024

• Microsoft unveils resiliency, security enhancements following July global IT outage

  Nov. 21, 2024

• Federal probe finds vulnerabilities across more than 300 US water systems

  Nov. 19, 2024

• Easterly to step down from CISA director role on Inauguration Day

  Nov. 18, 2024

• Microsoft revamps how it will disclose vulnerabilities

  Nov. 15, 2024

• National cyber director calls for streamlined security regulations

  Nov. 14, 2024

• Citrix Session Recording users warned of CVEs that allow hackers to gain control

  Nov. 13, 2024

• US hopes to leverage UN cybercrime treaty toward ransomware fight

  Nov. 12, 2024

• Newpark Resources discloses October ransomware attack

  Nov. 11, 2024

• Halliburton incurs about $35M in expenses related to August cyberattack

  Nov. 8, 2024

• TSA proposes cyber risk management programs for surface transportation, pipeline operators

  Nov. 7, 2024

• Columbus, Ohio confirms July ransomware attack compromised data of 500K people

  Nov. 6, 2024

• Schneider Electric investigating cyber intrusion after threat actor gains access to platform

  Nov. 5, 2024

• USDA, White House launch study to boost cyber resilience of rural water utilities

  Nov. 4, 2024

• CISA warns of foreign threat group launching spearphishing campaign using malicious RDP files

  Nov. 1, 2024

• As presidential election looms, disparate approaches to cyber policy come into focus

  Oct. 31, 2024

• CISA rolls out international strategic plan to bolster cyber cooperation

  Oct. 30, 2024

• Poor vulnerability management could indicate larger cyber governance issues, S&P says

  Oct. 29, 2024

• Cisco warns actively exploited CVE can lead to DoS attacks against VPN services

  Oct. 28, 2024

• Microsoft CEO asked board to cut pay in connection with security overhaul

  Oct. 25, 2024

• SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure

  Oct. 22, 2024

• FCC expands cooperation with states on data security, privacy enforcement

  Oct. 22, 2024

• CISOs are gaining influence among corporate leadership

  Oct. 21, 2024

• Microsoft confirms partial loss of security log data on multiple platforms

  Oct. 18, 2024

• FBI, CISA seek input on software security, configuration changes

  Oct. 17, 2024

• US disables Anonymous Sudan infrastructure linked to DDoS attack spree

  Oct. 17, 2024

• CISA adds SolarWinds flaw to exploited vulnerabilities catalog

  Oct. 16, 2024

• Majority of global CISOs want to split roles as regulatory burdens grow

  Oct. 15, 2024

• Critical CVE in 4 Fortinet products actively exploited

  Oct. 14, 2024

• American Water Works reconnecting systems a week after cyberattack

  Oct. 11, 2024

• Cyber risk tops C-suite concerns heading into US election

  Oct. 10, 2024

• Trio of Ivanti CSA zero-day vulnerabilities under exploit threat

  Oct. 9, 2024

• American Water Works investigates unauthorized cyber intrusion

  Oct. 7, 2024

• CISOs, C-suite remain at odds over corporate cyber resilience

  Oct. 7, 2024

• Economic uncertainty cools CISO hiring and compensation growth

  Oct. 4, 2024

• Ivanti up against another attack spree as hackers target its endpoint manager

  Oct. 3, 2024

• State CISOs up against a growing threat environment with minimal funding, report finds

  Oct. 2, 2024

• FCC reaches $31.5M settlement with T-Mobile over rash of data breaches

  Oct. 1, 2024

• Top cybersecurity conferences to attend in 2025

  Oct. 1, 2024

• CUPS vulnerability, a near miss, delivers another warning for open source

  Sept. 30, 2024

• A quartet of Linux CVEs draws exploit fears among open source community

  Sept. 27, 2024

• CISA again raises alarm on hacktivist threat to water utilities

  Sept. 26, 2024

• Cyber commission seeks detailed plan to secure high-risk infrastructure

  Sept. 25, 2024

• CISA catalog falls short on CVEs targeted by Flax Typhoon

  Sept. 24, 2024

• Microsoft names deputy CISOs, flushes dead accounts as part of internal security overhaul

  Sept. 23, 2024

• Attackers exploit second Ivanti Cloud Service Appliance flaw for more access

  Sept. 20, 2024

• US authorities take down a Mirai-variant botnet tied to DDoS threat

  Sept. 19, 2024

• Suffolk County ransomware attack linked to lack of planning, ignored warnings

  Sept. 18, 2024

• Open source maintainers, under security pressure, remain largely unpaid after XZ Utils

  Sept. 17, 2024

• Hackers exploit CVE in older versions of Ivanti Cloud Service Appliance

  Sept. 16, 2024

• Microsoft, working with security partners, pledges better deployment, testing collaboration

  Sept. 13, 2024

• Most OT environments have at least 4 remote access tools, report finds

  Sept. 12, 2024

• Security budgets continue modest growth, but staff hiring slows considerably, research finds

  Sept. 10, 2024

• Cyber insurance keeps growing, as threats spur competition

  Sept. 9, 2024

• Key cyber insurance stakeholders urge government to help close $900B in uncovered risk

  Sept. 6, 2024

• White House launches cybersecurity hiring sprint to help fill 500,000 job openings

  Sept. 5, 2024

• Prolific RansomHub engaged in attack spree, feds warn

  Sept. 4, 2024

• Halliburton confirms data stolen in August cyberattack

  Sept. 3, 2024

• Iran-linked actors ramping up cyberattacks on US critical infrastructure

  Sept. 3, 2024

• CISA launches cyber incident reporting portal to streamline breach disclosure

  Aug. 30, 2024

• SentinelOne fields inquiries from new customers following global IT outage linked to CrowdStrike

  Aug. 28, 2024

• Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs

  Aug. 28, 2024

• CISA officials credit Microsoft security log expansion for improved threat visibility

  Aug. 27, 2024

• SEC settles cyber case with Equiniti Trust as oversight questions linger

  Aug. 26, 2024

• Halliburton hit by cyberattack, certain systems impacted

  Aug. 22, 2024

• US, Australian authorities lead international push to adopt event logging

  Aug. 22, 2024

• Insurance coverage drives cyber risk reduction for companies, researchers say

  Aug. 21, 2024

• Palo Alto Networks CEO touts leads from CrowdStrike fallout

  Aug. 20, 2024

• Companies aren’t as resilient against cyber risks as they think

  Aug. 19, 2024

• SolarWinds Web Help Desk CVE scores a 9.8

  Aug. 16, 2024

• DDoS attacks surge since late 2023, telecom still in hot seat

  Aug. 15, 2024

• White House details $11M plan to help secure open source

  Aug. 14, 2024

• Microsoft Windows CVE triggers blue screen of death, researchers find

  Aug. 13, 2024

• Attackers target legacy Cisco Smart Install features

  Aug. 12, 2024

• CrowdStrike pursuing deal to buy patch management specialist Action1

  Aug. 9, 2024

• LoanDepot reports net loss as cyber-related settlement hit Q2 financial results

  Aug. 9, 2024

• Progress Software says SEC declines to pursue action related to MOVEit exploitation spree

  Aug. 8, 2024

• CrowdStrike blames mismatch in Falcon sensor update for global IT outage

  Aug. 7, 2024

• Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems

  Aug. 6, 2024

• Insured loss impact could reach $1B following CrowdStrike outage

  Aug. 5, 2024

• CrowdStrike outage renews supply chain concerns, federal officials say

  Aug. 2, 2024

• CrowdStrike investors file class action suit following global IT outage

  Aug. 1, 2024

• Microsoft confirms Azure, 365 outage linked to DDoS attack

  July 31, 2024

• Business interruption claims will drive insurance losses linked to CrowdStrike IT disruption

  July 30, 2024

• SolarWinds legal ruling expected to narrow, but maintain SEC oversight on cyber transparency

  July 29, 2024

• White House, CISA name key cybersecurity officials as national resilience strategy rollout continues

  July 26, 2024

• CrowdStrike CEO says 97% of Windows sensors restored in IT outage recovery effort

  July 26, 2024

• CrowdStrike disruption direct losses to reach $5.4B for Fortune 500, study finds

  July 25, 2024

• CrowdStrike software crash linked to undetected error in content update for Windows users

  July 24, 2024

• Dragos warns of novel malware targeting industrial control systems

  July 23, 2024

• CrowdStrike, Microsoft scramble to contain fallout from global IT outage

  July 22, 2024

• CrowdStrike software update at the root of a massive global IT outage

  July 19, 2024

• Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

  July 18, 2024

• Nearly 1 in 3 software development professionals unaware of secure practices

  July 16, 2024

• AutoNation warns CDK cyberattack will dent quarterly earnings

  July 15, 2024

• Critical infrastructure providers seek guardrails on scope, timeline for CIRCIA rules

  July 8, 2024

• Microsoft warns of elevated risk in Rockwell Automation PanelView Plus CVEs

  July 3, 2024

• Cisco Nexus devices zero day raises alarms despite CVSS score

  July 2, 2024

• Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation

  July 2, 2024

• TeamViewer’s IT network breached through compromised employee credentials

  July 1, 2024

• Microsoft alerts additional customers of state-linked threat group attacks

  June 28, 2024

• Memory-unsafe code runs rampant in critical open-source projects

  June 27, 2024

• Cyber insurance terms drive companies to invest more in security, report finds

  June 26, 2024

• Cloud security becoming top priority for companies worldwide

  June 25, 2024

• Nearly 150,000 ASUS routers potentially exposed to critical vulnerability

  June 21, 2024

• Santander warns US employees bank account info stolen in third-party database hack

  June 20, 2024

• MFA plays a rising role in major attacks, research finds

  June 18, 2024

• TellYouThePass ransomware widely targets vulnerable PHP instances

  June 14, 2024

• Microsoft president promises significant culture changes geared towards security

  June 14, 2024

• Microsoft will take full ownership for security failures in House testimony

  June 13, 2024

• Rust Foundation leads the charge to improve critical systems security

  June 12, 2024

• SolarWinds file-transfer vulnerability ripe for exploitation, researchers warn

  June 12, 2024

• Critical PHP CVE is under attack — research shows it’s easy to exploit

  June 11, 2024

• Frontier Communications says cyberattack snagged data from 751,000 people

  June 7, 2024

• Tenable to acquire Eureka Security for greater visibility into cloud data environment

  June 6, 2024

• CrowdStrike soars above industry spending concerns, digs at rivals

  June 5, 2024

• White House wants to harmonize the breadth of cybersecurity regulations

  June 5, 2024

• Cyber risk is rising for poorly configured OT devices

  June 3, 2024

• Check Point Software VPN exploitation risk greater than previously stated: researchers

  May 31, 2024

• CISOs under pressure from boards to downplay cyber risk: study

  May 30, 2024

• First American says personal data of 44K breached in December cyberattack

  May 29, 2024

• Check Point Software links newly identified CVE to VPN attacks

  May 29, 2024

• Check Point Software customers targeted by hackers using old, local VPN accounts

  May 28, 2024

• Cyber officials, incident response teams brace for Memorial Day weekend

  May 24, 2024

• White House seeks critical cyber assistance for water utilities, healthcare

  May 23, 2024

• Palo Alto Networks sees strong customer response to platform consolidation strategy

  May 21, 2024

• EPA to ramp up enforcement as most water utilities lack cyber safeguards

  May 21, 2024

• Open source threat intel platform launched weeks after malicious backdoor targeted XZ Utils

  May 20, 2024

• Microsoft warns of hacker misusing Quick Assist in Black Basta ransomware attacks

  May 17, 2024

• Palo Alto Networks signs broad enterprise cybersecurity partnership with IBM

  May 16, 2024

• National Cyber Director echoes past warnings: Nation-state cyber threats are mounting

  May 15, 2024

• Cyber insurance costs are stabilizing as global market grows

  May 14, 2024

• Black Basta ransomware is toying with critical infrastructure providers, authorities say

  May 13, 2024

• White House wants to hold the software sector accountable for security

  May 10, 2024

• 68 tech, security vendors commit to secure-by-design practices

  May 9, 2024

• The US really wants to improve critical infrastructure cyber resilience

  May 8, 2024

• CISA, FBI urge software companies to eliminate directory traversal vulnerabilities

  May 7, 2024

• Microsoft restructures security governance, aligning deputy CISOs and engineering teams

  May 3, 2024

• Clorox lowers sales outlook as recovery from 2023 cyberattack continues

  May 3, 2024

• Hacktivists exploiting poor cyber hygiene at critical infrastructure providers

  May 1, 2024

• CVE exploitation nearly tripled in 2023, Verizon finds

  May 1, 2024

• At Microsoft, years of security debt come crashing down

  April 30, 2024

• Cactus ransomware targets a handful of Qlik Sense CVEs

  April 29, 2024

• Microsoft CEO says security is its No. 1 priority

  April 26, 2024

• Cisco devices again targeted by state-linked threat campaign

  April 25, 2024

• Vintage Microsoft flaw resurfaces, threat actors attack with golden GooseEgg

  April 24, 2024

• Enterprises are getting better at detecting security incidents

  April 23, 2024

• Majority of businesses worldwide are implementing zero trust, Gartner finds

  April 22, 2024

• Fears rise of social engineering campaign as open source community spots another threat

  April 16, 2024

• CISA to big tech: After XZ Utils, open source needs your support

  April 15, 2024

• With Sisense compromise, the race begins to understand the impact

  April 12, 2024

• FBI director echoes past warnings, as critical infrastructure hacking threat festers

  April 11, 2024

• Microsoft embraces common weakness enumeration standard for vulnerability disclosure

  April 10, 2024

• CISO role shows significant gains amid corporate recognition of cyber risk

  April 9, 2024

• Industry stakeholders seek 30-day delay for CIRCIA comments deadline

  April 8, 2024

• CISA assessing threat to federal agencies from Microsoft adversary Midnight Blizzard

  April 5, 2024

• Ivanti pledges security overhaul after critical vulnerabilities targeted in lengthy exploit spree

  April 4, 2024

• Microsoft Exchange state-linked hack entirely preventable, cyber review board finds

  April 3, 2024

• Motivations behind XZ Utils backdoor may extend beyond rogue maintainer

  April 2, 2024

• Red Hat warns of backoor in widely used Linux utility

  April 1, 2024

• Progress Software continues to cooperate with SEC probe into MOVEit exploitation

  March 29, 2024

• Water woes: A federal push for cyber mitigation is highlighting the sector’s fault lines

  March 28, 2024

• CISA issues notice for long-awaited critical infrastructure reporting requirements

  March 27, 2024

• Software makers urged to flush SQL injection vulnerabilities

  March 26, 2024

• Marsh launches group captive insurance firm for cyber

  March 25, 2024

• Novel variant of wiper linked to Viasat attack during Ukraine war raises new fears

  March 22, 2024

• More warnings emerge about state-linked cyber threats to water infrastructure

  March 20, 2024

• What’s material to the SEC, 3 months into cyber disclosure rules?

  March 18, 2024

• FCC approves voluntary cyber labeling program for smart home IoT devices

  March 15, 2024

• Threat actors are turning to novel malware as malicious attacks rise

  March 14, 2024

• White House adds teeth to secure software development requirements

  March 13, 2024

• JetBrains says TeamCity servers exploited as it defends disclosure policies

  March 12, 2024

• Fidelity Investments Life Insurance says customer data breach linked to third-party hack

  March 8, 2024

• Financial services sees sharp increase in DDoS attacks as geopolitical tensions rise

  March 7, 2024

• Yet another threat actor seen exploiting ConnectWise ScreenConnect

  March 6, 2024

• JetBrains TeamCity a ripe attack target as more vulnerabilities emerge

  March 5, 2024

• In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly

  March 4, 2024

• Ivanti exploit warnings go global as Five Eyes sound alarm

  Feb. 29, 2024

• ConnectWise ScreenConnect critical CVE lures an array of threat actors

  Feb. 29, 2024

• White House rallies industry support for memory safe programming

  Feb. 28, 2024

• Ivanti Connect Secure hackers hide in plain sight, evading protections

  Feb. 27, 2024

• MGM Resorts’ cyberattack headache continues as regulators launch investigations

  Feb. 26, 2024

• ConnectWise ScreenConnect faces new attacks involving LockBit ransomware

  Feb. 23, 2024

• ConnectWise ScreenConnect under active exploitation due to critical flaws

  Feb. 22, 2024

• Biden administration issues executive order on port cybersecurity

  Feb. 21, 2024

• Palo Alto Networks’ free incentives offer sparks investor anxiety

  Feb. 21, 2024

• LockBit operations dismantled following international takedown

  Feb. 20, 2024

• FBI-led operation disrupts botnet controlled by state-linked Forest Blizzard

  Feb. 16, 2024

• OpenAI, Microsoft warn of state-linked actors’ AI use

  Feb. 15, 2024

• Ivanti Connect Secure threat activity continues as researchers flag additional flaws

  Feb. 12, 2024

• National cyber director urges private sector collaboration to counter nation-state cyber threat

  Feb. 9, 2024

• CISA, FBI confirm critical infrastructure intrusions by China-linked hackers

  Feb. 7, 2024

• JetBrains warns of another critical CVE in on-premises TeamCity servers

  Feb. 7, 2024

• Ivanti VPNs face renewed threat activity after initial patch release and new CVEs

  Feb. 6, 2024

• Schneider Electric restores sustainability operations after attack

  Feb. 6, 2024

• Business, technology groups back SolarWinds motion to dismiss SEC charges

  Feb. 5, 2024

• Blackbaud settles FTC data security probe into 2020 ransomware attack

  Feb. 2, 2024

• China-linked hackers primed to attack US critical infrastructure, FBI director says

  Feb. 1, 2024

• Delayed Ivanti patch arrives after weeks of exploitation

  Jan. 31, 2024

• In 2024, the cybersecurity industry awaits more regulation — and enforcement

  Jan. 31, 2024

• Schneider Electric hit by ransomware attack against its sustainability business division

  Jan. 30, 2024

• Ivanti Connect Secure zero-day patches delayed

  Jan. 29, 2024

• Midnight Blizzard attack seen as another sign of Microsoft falling short on security

  Jan. 26, 2024

• Trading platform EquiLend down following cyberattack

  Jan. 25, 2024

• Atlassian Confluence Data Center under active exploitation in older versions

  Jan. 23, 2024

• Microsoft to overhaul internal security practices after Midnight Blizzard attack

  Jan. 22, 2024

• CISA issues emergency directive for federal agencies to mitigate Ivanti vulnerabilities

  Jan. 19, 2024

• Ivanti Connect Secure exploitation accelerates as Moody’s calls impact credit negative

  Jan. 19, 2024

• Citrix warns of limited exploitation in a pair of Netscaler zero days

  Jan. 18, 2024

• Ivanti Connect Secure exploitation accelerates, 1,700 devices compromised worldwide

  Jan. 17, 2024

• Cyber tops business risk for enterprises worldwide, report finds

  Jan. 16, 2024

• Ivanti Connect Secure attacks part of deliberate espionage operation

  Jan. 12, 2024

• Ivanti Connect Secure devices face active exploitation, patch schedule staggered

  Jan. 11, 2024

• 5 cybersecurity trends to watch in 2024

  Jan. 10, 2024

• Fidelity National Financial cyberattack impacts up to 1.3M customers

  Jan. 10, 2024

• Merck reaches settlement in closely watched NotPetya insurance case

  Jan. 8, 2024

• Apache OFBiz critical CVE leads to surge in exploitation attempts

  Jan. 5, 2024

• Mimecast acquires human risk management specialist Elevate Security

  Jan. 4, 2024

• SonicWall acquires Banyan Security to boost cloud security portfolio for remote work

  Jan. 3, 2024

• Xerox discloses a subsidiary’s breach following ransomware claim of data theft

  Jan. 3, 2024

• First American Financial confirms threat actors stole and encrypted data

  Jan. 2, 2024

• First American Financial takes systems offline after cyber incident

  Dec. 21, 2023

• CISA seeks comment on secure by design principles to boost global software security

  Dec. 21, 2023

• Cyber risk strategies in hot seat as SEC rules go live

  Dec. 20, 2023

• Comcast’s Xfinity discloses massive data breach linked to CitrixBleed vulnerability

  Dec. 19, 2023

• What the SEC weighed in finalizing the cyber disclosure rules

  Dec. 18, 2023

• State-linked cyber actors behind SolarWinds plant seeds for new malicious campaign

  Dec. 15, 2023

• CitrixBleed isn’t going away: Security experts struggle to control critical vulnerability

  Dec. 14, 2023

• Check Point Software in SEC settlement talks in connection with SolarWinds probe

  Dec. 13, 2023

• White House wants to set minimum cyber standards for hospitals, healthcare

  Dec. 11, 2023

• 2 years on, Log4j still haunts the security community

  Dec. 8, 2023

• Fidelity National Financial still assessing cyberattack impact, but is insured

  Dec. 7, 2023

• CISA performance goals program trims exploited CVEs

  Dec. 6, 2023

• Water utility cyberattacks underscore ongoing threat to OT

  Dec. 5, 2023

• Authorities raise alarm on threats against water, other critical sectors

  Dec. 4, 2023

• Fidelity National Financial restoring operations after containing cyberattack

  Dec. 4, 2023

• Staples hit by cyberattack during critical Cyber Week sales push

  Dec. 1, 2023

• North Texas water utility the latest suspected industrial ransomware target

  Nov. 30, 2023

• CISA warns of threat groups exploiting Unitronics PLCs in water treatment hacks

  Nov. 29, 2023

• For financial services firms, a pattern of malicious cyber activity is emerging

  Nov. 29, 2023

• NY reaches $1M breach settlement with First American Title Insurance

  Nov. 28, 2023

• Authorities pushing for secure AI development practices

  Nov. 27, 2023

• Fidelity National Financial investigating cyberattack that led to service disruption

  Nov. 27, 2023

• CitrixBleed worries mount as nation state, criminal groups launch exploits

  Nov. 22, 2023

• Retailers brace for cyberthreat feast ahead of Thanksgiving shopping weekend

  Nov. 21, 2023

• Stanley Steemer hack breached data of almost 67K customers

  Nov. 17, 2023

• Palo Alto Networks’ largest customers get no-cost incident response

  Nov. 15, 2023

• Rackspace records $5M in expenses related to 2022 ransomware attack

  Nov. 14, 2023

• Dragos again targeted by ransomware group, this time from AlphV

  Nov. 13, 2023

• As Congress weighs budget priorities, top cyber execs urge CISA funding support

  Nov. 10, 2023

• MGM Resorts anticipates no further disruptions from September cyberattack

  Nov. 9, 2023

• CitrixBleed sparks race to patch, hunt for malicious activity

  Nov. 8, 2023

• Microsoft overhauls cyber strategy to finally embrace security by default

  Nov. 3, 2023

• For the SEC, the fraud case against SolarWinds is a cybersecurity warning shot

  Nov. 2, 2023

• Caesars shakes off cyberattack with strong Q3 Las Vegas demand

  Nov. 1, 2023

• Global cybersecurity workforce grows, but still confronts shortfall of 4M people

  Oct. 31, 2023

• SEC charges SolarWinds, its CISO with fraud

  Oct. 30, 2023

• Five Guys discloses hack of 2 employees’ emails

  Oct. 30, 2023

• CISA targets software identification in push to boost supply chain security

  Oct. 27, 2023

• Novel zero-day exploits fuel Q3 surge in DDoS attacks

  Oct. 26, 2023

• Microsoft touts demand for its security services in fiscal Q1, driven by AI appetite

  Oct. 25, 2023

• Citrix urges NetScaler ADC, Gateway customers to patch

  Oct. 24, 2023

• Cisco urges IOS XE customers to patch as thousands of devices remain infected

  Oct. 24, 2023

• Microsoft extends security log retention following State Department hacks

  Oct. 23, 2023

• Cisco releases security fix for widely-exploited IOS XE software vulnerability

  Oct. 20, 2023

• Critical flaw in JetBrains TeamCity exploited weeks after patch issued

  Oct. 20, 2023

• Almost 42K Cisco IOS XE devices exploited, no patch available

  Oct. 19, 2023

• Citrix Netscaler patch for critical CVE bypassed by malicious hackers

  Oct. 18, 2023

• CISA launches new phase of Secure by Design to push global industry on software security

  Oct. 18, 2023

• Cisco’s critical IOS XE software zero day is a ‘bad situation’

  Oct. 17, 2023

• EPA rescinds rule to include cybersecurity in water system audits after legal challenge

  Oct. 16, 2023

• SMBs seek cyber training, support as attack risk surges

  Oct. 16, 2023

• Critical Atlassian Confluence CVE under exploit by prolific state-linked actor

  Oct. 13, 2023

• Federal agencies press OT/ICS providers on open-source security

  Oct. 12, 2023

• Curl CVE has security community on edge as patch drops

  Oct. 11, 2023

• CISA urges security upgrades as DDoS continues to target Rapid Reset zero day

  Oct. 11, 2023

• Cloud giants sound alarm on record-breaking DDoS attacks

  Oct. 10, 2023

• Caesars Entertainment says social-engineering attack behind August breach

  Oct. 9, 2023

• MGM Resorts’ Las Vegas area operations to take $100M hit from cyberattack

  Oct. 6, 2023

• Clorox warns of quarterly loss related to August cyberattack, production delays

  Oct. 5, 2023

• CISA pivots focus to China-linked threats against critical infrastructure

  Oct. 5, 2023

• C-suite leaders to boost cybersecurity compliance amid SEC disclosure rule: Deloitte

  Oct. 2, 2023

• Clorox resumes normal plant operations in the wake of cyberattack

  Oct. 2, 2023

• CISA furloughs will cut deep if government shuts down

  Sept. 29, 2023

• Cisco routers abused by China-linked hackers against US, Japan companies

  Sept. 28, 2023

• CISA rolls dice on public service campaign to raise cyber awareness

  Sept. 27, 2023

• Caesars Entertainment faces class action lawsuits following rewards database hack

  Sept. 27, 2023

• Campbell Soup says summer cyberattack caused limited business impact

  Sept. 26, 2023

• MGM Resorts warns customers of fraud as it faces class action lawsuits

  Sept. 25, 2023

• CISA urges use of memory safe code in software development

  Sept. 22, 2023

• MGM Resorts says hotel, casino operations back up and running

  Sept. 21, 2023

• US is making headway on securing cyber infrastructure, commission says

  Sept. 20, 2023

• FBI director urges private sector to work with the agency on cyber threats

  Sept. 19, 2023

• Clorox warns of product shortages a month after disclosing cyberattack

  Sept. 18, 2023

• MGM, Caesars attacks raise new concerns about social engineering tactics

  Sept. 18, 2023

• Threat actors claim to have compromised MGM Resorts’ Okta environment

  Sept. 15, 2023

• MGM Resorts disruption linked to recent attacks against hospitality industry

  Sept. 14, 2023

• White House, federal cyber leaders pledge renewed support for open source security

  Sept. 13, 2023

• MGM Resorts discloses cyber incident in filing with SEC

  Sept. 13, 2023

• IronNet considers bankruptcy after it furloughs most workers

  Sept. 12, 2023

• MGM Resorts takes systems offline as it investigates cyberattack

  Sept. 11, 2023

• White House mulls rating system to boost cybersecurity for critical infrastructure

  Sept. 11, 2023

• CISA director: Critical infrastructure cyber incident reporting rules almost ready

  Sept. 8, 2023

• Microsoft crash dump exposed key that led to US cabinet email hacks, investigation finds

  Sept. 7, 2023

• Cybersecurity investments boost profitability, resilience: White House

  Sept. 6, 2023

• SEC cyber disclosure rules put CISO liability under the spotlight

  Sept. 5, 2023

• Barracuda patch bypassed by novel malware from China-linked threat group

  Sept. 1, 2023

• CrowdStrike soars on security tool consolidation demand

  Aug. 31, 2023

• US leads takedown of Qakbot malware, which automated initial infections

  Aug. 30, 2023

• Cyber insurance providers increase scrutiny on enterprise risk, report finds

  Aug. 29, 2023

• Corporate boards expand cybersecurity risk oversight, report finds

  Aug. 28, 2023

• Software industry urged to assume risk on open source security

  Aug. 25, 2023

• Barracuda ESG zero-day exploit still under way after patches fail

  Aug. 24, 2023

• Hackers target Pentagon contract site via compromised routers

  Aug. 23, 2023

• SentinelOne pursues potential sale amid slow growth, report says

  Aug. 22, 2023

• Palo Alto Networks posts strong Q4 amid consolidation, new SEC rules

  Aug. 21, 2023

• Palo Alto Networks closely watched ahead of late Friday Q4 report

  Aug. 18, 2023

• Suncor CEO says company mostly recovered from June cyberattack

  Aug. 17, 2023

• SEC cyber rules ignite tension between reputation and security risk

  Aug. 15, 2023

• Microsoft, cloud security under the microscope with federal cyber review

  Aug. 14, 2023

• White House wants input on open source security, memory-safe languages

  Aug. 11, 2023

• New York rolls out statewide cybersecurity strategy

  Aug. 10, 2023

• Rapid7 to cut 18% of workforce, shutter certain offices

  Aug. 9, 2023

• NIST releases draft overhaul of its core cybersecurity framework

  Aug. 9, 2023

• AWS pledges $20M to K-12 cyber training, incident response

  Aug. 7, 2023

• White House rolls out millions in funding to combat K-12 cyberattacks

  Aug. 7, 2023

• CISA seeks to address visibility, resilience in 3-year strategic plan

  Aug. 7, 2023

• Broad SBOM adoption takes root as businesses watch their supply chains

  Aug. 4, 2023

• Tenable CEO calls out Microsoft delay on months-old Azure vulnerability

  Aug. 3, 2023

• Businesses improved cyber incident response times following Log4j, report finds

  Aug. 2, 2023

• White House looks to close massive cyber skills gap

  Aug. 1, 2023

• Reddit names seasoned IT security leader as new CISO

  July 31, 2023

• New Jersey Supreme Court to hear Merck insurance dispute over NotPetya attack

  July 28, 2023

• TSA revises security directives for oil and gas pipelines to test resilience

  July 27, 2023

• SEC votes to overhaul disclosure rules for material cyber events

  July 26, 2023

• White House taps longtime military, intelligence leader for national cyber director

  July 25, 2023

• New York cyber lead warns of what states face in critical infrastructure defense

  July 25, 2023

• Citrix zero day exposes critical infrastructure, one provider hit

  July 24, 2023

• Microsoft attackers may have data access beyond Outlook, researchers warn

  July 21, 2023

• DDoS attacks, growing more sophisticated, surged in Q2

  July 19, 2023

• Microsoft offers free security logs amid backlash from State Department hack

  July 19, 2023

• White House unveils consumer labeling program to strengthen IoT security

  July 18, 2023

• Microsoft hardens key issuance systems after state-backed hackers breach Outlook accounts

  July 17, 2023

• Rockwell Automation, Honeywell warned of critical vulnerabilities in industrial products

  July 14, 2023

• Microsoft warns China-linked APT actor hacked US agency, other email accounts

  July 12, 2023

• RomCom uses Word documents in new phishing campaign, Microsoft warns

  July 12, 2023

• IronNet restructures management in deal to go private

  July 12, 2023

• Cybersecurity funding drops sharply in Q2

  July 11, 2023

• Threat group testing more sophisticated DDoS hacks, authorities warn

  July 10, 2023

• Hackers using TrueBot malware for phishing attacks in US, Canada, officials warn

  July 7, 2023

• Suncor Energy confirms hackers breached Petro-Canada gas stations’ customer rewards data

  July 6, 2023

• IronNet in NYSE compliance crosshairs after failing to file quarterly earnings on time

  July 6, 2023

• Petro-Canada reports service restoration after suspected Suncor breach

  June 29, 2023

• Suncor Energy continues probe of cyber incident disrupting gas station payments

  June 28, 2023

• Rubrik, Microsoft partner to leverage generative AI for faster incident response

  June 28, 2023

• State and local governments grapple to mitigate cyber risks

  June 27, 2023

• SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation

  June 26, 2023

• Big names disclose MOVEit-related breaches, including PwC, EY and Genworth Financial

  June 23, 2023

• Google backs $20M effort to train students for key cybersecurity jobs

  June 23, 2023

• Dole says February ransomware attack breached data of almost 3,900 US workers

  June 22, 2023

• Mondelēz retirement data breached after hacker targets law firm Bryan Cave

  June 21, 2023

• Progress Software faces federal class action lawsuits as MOVEit breach exposure widens

  June 21, 2023

• US puts $10M bounty on Clop as federal agencies confirm data compromises

  June 20, 2023

• Microsoft confirms DDoS attacks caused Azure, OneDrive outages

  June 20, 2023

• SEC delays final rule on cyber incident disclosure as industry pushes back

  June 16, 2023

• Barracuda ESG devices actively exploited in broad, ongoing espionage campaign

  June 15, 2023

• Microsoft review of Azure outage shows spike in HTTP requests as researchers blame DDoS

  June 14, 2023

• Fortinet urges firmware upgrades after critical vulnerability at risk of malicious attacks

  June 13, 2023

• Microsoft says Azure disrupted after a week of repeated service outages

  June 12, 2023

• Cloud services seen as key tool in shifting balance of cyber risk

  June 12, 2023

• Microsoft investigating threat actor claims following multiple outages in 365, OneDrive

  June 9, 2023

• Cyber insurance market is stabilizing as growth remains certain, Moody’s says

  June 8, 2023

• Dragos to slash 9% of workforce, trim other costs amid sales slowdown

  June 8, 2023

• Existing security policy for critical infrastructure needs major overhaul, commission says

  June 7, 2023

• Cybercriminals target C-suite, family members with sophisticated attacks

  June 5, 2023

• FTC chair warns that AI businesses must still operate within existing laws

  June 2, 2023

• CISOs still expect cyber budget increases amid economic pressure

  June 1, 2023

• Moody’s cites credit risk from state-backed cyber intrusions into US critical infrastructure

  May 31, 2023

• PyPI to mandate 2FA by the end of 2023

  May 30, 2023

• Ahead of summer holiday weekends, IT security leaders brace for deliberate cyber mischief

  May 26, 2023

• Broad campaign underway to access US critical infrastructure using small, home office devices

  May 25, 2023

• CISA updates ransomware guide 3 years after its debut

  May 24, 2023

• BEC attacks rise as criminal hackers employ new tactics to evade detection

  May 23, 2023

• Dole incurs $10.5M in direct costs from February ransomware attack

  May 18, 2023

• Cyber resilience programs falling short on preparing workers for a crisis

  May 18, 2023

• House hearing details cyber resilience efforts for energy, water and healthcare

  May 17, 2023

• Yum Brands faces class action suits from employees after ransomware attack

  May 16, 2023

• Western Digital cyberattack not expected to have material impact on future earnings

  May 15, 2023

• Criminal actors switch tactics after Microsoft began to block macros last year

  May 12, 2023

• Dragos says it thwarted extortion bid by known ransomware threat group

  May 11, 2023

• Walden says cybersecurity strategy mostly well-received

  May 10, 2023

• CISO anxiety returns amid heightened concern of material cyberattacks

  May 9, 2023

• Western Digital confirms customer data accessed by hackers in attack

  May 8, 2023

• Former Uber CSO avoids prison time for ransomware coverup

  May 5, 2023

• Google, Dashlane separately move to eliminate passwords

  May 4, 2023

• Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders

  May 3, 2023

• Most open source maintainers still consider themselves hobbyists, despite compensation pledges

  May 2, 2023

• Organizations are boosting resilience, getting faster at incident response

  May 1, 2023

• CISA seeks public comment on software security attestation form

  April 28, 2023

• Global cyber insurance prices continue to moderate in Q1

  April 27, 2023

• NCR restores more services following ransomware attack

  April 26, 2023

• More than 2K organizations at risk of major attacks linked to SLP vulnerability

  April 25, 2023

• Early warning threat information platform launched for OT

  April 24, 2023

• 3CX has a 7-part plan to shore up its security

  April 20, 2023

• Software industry leaders debate real costs and benefits of CISA security push

  April 14, 2023

• CISA, partner agencies unveil secure by design principles in historic shift of software security

  April 13, 2023

• CISA to unveil secure-by-design principles this week amid push for software security

  April 12, 2023

• 3CX threat actor named as company focuses on security upgrades, customer retention

  April 12, 2023

• Western Digital restores local access to My Cloud Home customers following security breach

  April 11, 2023

• Biden cyber officials see auto, food safety as models for security overhaul

  April 10, 2023

• 3CX updates Windows app for desktop following supply chain attack

  April 7, 2023

• Broad MFA, rapid patching a must to stop cyberattacks, Marsh McLennan finds

  April 6, 2023

• IT security leaders still told to keep data breaches quiet, study finds

  April 6, 2023

• 3CX makes progress restoring Windows app from state-linked supply chain attack

  April 5, 2023

• Palo Alto security software stung by ransomware strain

  April 4, 2023

• Western Digital cyber incident is credit negative: Moody’s analyst

  April 4, 2023

• Western Digital takes systems offline after threat actor gains access to company data

  April 3, 2023

• 3CX retains Mandiant to investigate supply chain attack with global reach

  March 31, 2023

• Supply chain attack against 3CX communications app could impact thousands

  March 30, 2023

• White House eyes the next frontier of cybersecurity — space

  March 30, 2023

• Lumen Technologies says ransomware attack disrupted call centers

  March 29, 2023

• Microsoft unveils Security Copilot built on GPT-4

  March 28, 2023

• Lumen Technologies hit with 2 separate security incidents

  March 28, 2023

• US looks to reimagine cybersecurity paradigm with burden shift, rebuilt infrastructure

  March 24, 2023

• CISA director urges top business leaders, board members to take cyber risk ownership

  March 24, 2023

• CISA revises cybersecurity performance goals

  March 22, 2023

• Outlook zero-day still vulnerable to attackers with prior access, researchers find

  March 20, 2023

• Security drives software purchases for half of US companies

  March 20, 2023

• Google Cloud joins FS-ISAC’s critical providers program to share threat intel

  March 17, 2023

• SEC proposes cybersecurity disclosure rules for financial industry specialists

  March 17, 2023

• Outlook zero day linked to critical infrastructure attacks

  March 16, 2023

• MKS Instruments hit by class-action litigation following ransomware attack

  March 15, 2023

• CISA launches ransomware warning pilot for critical infrastructure providers

  March 14, 2023

• Shift to secure-by-design must start at university level, CISA director says

  March 13, 2023

• Blackbaud to pay $3M to settle SEC charges of a misleading ransomware investigation

  March 10, 2023

• GitHub to begin rollout of 2FA security upgrade for developers

  March 9, 2023

• CrowdStrike grows subscriber base as customers consolidate security services

  March 9, 2023

• TSA unveils emergency cybersecurity requirements for airlines, airports

  March 8, 2023

• Dole doesn’t expect to recover full costs of ransomware attack

  March 8, 2023

• Insurance holding company Group 1001 says operations restored after ransomware attack

  March 7, 2023

• Who is liable for flawed software? New guidance upends the security standard

  March 6, 2023

• EPA unveils cybersecurity oversight for public drinking water systems

  March 3, 2023

• The US cyber strategy is out. Now, officials just have to implement it

  March 3, 2023

• MKS Instruments says February ransomware attack will clip $200M from revenue

  March 2, 2023

• White House releases national cyber strategy, shifting security burden

  March 2, 2023

• CISA red team cracks a critical infrastructure provider’s defenses, a lesson in lateral access

  March 1, 2023

• 3 CISA principles for secure by design

  Feb. 28, 2023

• CISA director urges tech industry to take responsibility for secure products

  Feb. 27, 2023

• Dole hit by ransomware, North America operations briefly disrupted

  Feb. 23, 2023

• IT security budgets triple as businesses confront more cyberattacks across Europe, US

  Feb. 16, 2023

• Google backs federal push for tech to embrace ‘secure by design’

  Feb. 15, 2023

• Liberty Mutual launches global cyber office

  Feb. 14, 2023

• Companies often operate in dark with little applied threat intelligence

  Feb. 13, 2023

• Reddit says limited amount of source code, employee data accessed in phishing attack

  Feb. 10, 2023

• National cyber director to retire this month

  Feb. 9, 2023

• Half of executives expect an increase in cyber incidents targeting financial data: report

  Feb. 8, 2023

• Sports betting apps fumble open source, placing users at risk

  Feb. 7, 2023

• Corporate boards struggle to understand cybersecurity and digital transformation

  Feb. 6, 2023

• CVEs expected to rise in 2023, as organizations still struggle to patch

  Feb. 3, 2023

• 98% of organizations worldwide connected to breached third-party vendors

  Feb. 2, 2023

• Microsoft disables phishing campaign after researchers flag OAuth app abuse

  Feb. 1, 2023

• CISOs to face new budget hurdles in 2023 as economic anxiety lingers

  Jan. 31, 2023

• On deck for the business of cybersecurity: Fire sales and due diligence

  Jan. 31, 2023

• Microsoft surpasses $20B in security revenue as enterprise customers consolidate

  Jan. 30, 2023

• CISA’s public-private cyber collaborative to focus on energy, water

  Jan. 27, 2023

• Threat actors are using remote monitoring software to launch phishing attacks

  Jan. 26, 2023

• Exchange Server under pressure as opportunistic actors step up attacks

  Jan. 25, 2023

• Only half of companies have the budgets necessary to mitigate cybersecurity risks: study

  Jan. 24, 2023

• Almost half of critical manufacturing organizations face significant risk of data breach

  Jan. 23, 2023

• Ransomware attack against Yum! Brands follows several incidents targeting restaurant industry

  Jan. 20, 2023

• World Economic Forum officials warn global instability could lead to catastrophic cyber event

  Jan. 19, 2023

• Mailchimp hit by second cyberattack in 6 months, 133 customers impacted

  Jan. 19, 2023

• Cyber, business interruption remain top global corporate risks

  Jan. 18, 2023

• Four Microsoft Azure services found vulnerable to server-side request forgery

  Jan. 17, 2023

• CircleCI probe links malware placed on engineer’s laptop to larger breach

  Jan. 13, 2023

• Citrix flaw exploited in ransomware attack against small US business

  Jan. 13, 2023

• CircleCI working with AWS to identify, revoke keys impacted by security incident

  Jan. 12, 2023

• Surging cyberthreats, data concerns remain top dispute risks for organizations

  Jan. 12, 2023

• CISA adds Exchange Server, Windows vulnerabilities to catalog of exploited CVEs

  Jan. 11, 2023

• NRF forms cyberthreat intelligence partnership with RH-ISAC

  Jan. 11, 2023

• Beazley launches historic $45M cyber catastrophe bond

  Jan. 10, 2023

• CircleCI incident raises further concerns about security of software development

  Jan. 9, 2023

• Rackspace confirms ransomware attack hit a small percentage of its Hosted Exchange customers

  Jan. 6, 2023

• 6 security experts on what cyberthreats they expect in 2023

  Jan. 6, 2023

• Slack employee tokens stolen, GitHub repository breached

  Jan. 5, 2023

• Freight company Wabtec discloses June cyberattack impacting US, overseas operations

  Jan. 4, 2023

• Rackspace identifies ransomware threat actor behind December attack via Exchange

  Jan. 3, 2023

• Rackspace recovers old emails as customers await answers from ransomware probe

  Dec. 22, 2022

• New exploit for Microsoft’s ProxyNotShell mitigation side steps fix

  Dec. 22, 2022

• Remote, third-party workers raise security risks for enterprises: report

  Dec. 21, 2022

• MacOS vulnerability allows threat actors to bypass Apple Gatekeeper

  Dec. 20, 2022

• Apple CIO steps down from Rackspace board citing new job duties

  Dec. 19, 2022

• Rackspace executives stand by ransomware response

  Dec. 16, 2022

• Rackspace blames ransomware attack on financially motivated threat actor

  Dec. 15, 2022

• Threat actors abuse legitimate Microsoft drivers to bypass security

  Dec. 13, 2022

• Fortinet urges customers to upgrade systems amid critical vulnerability

  Dec. 13, 2022

• Rackspace says more than two-thirds of customers regained email access

  Dec. 12, 2022

• Fear, panic and Log4j: One year later

  Dec. 9, 2022

• Rackspace scrambles to assist customers as ransomware probe continues

  Dec. 8, 2022

• Microsoft taps security demand to drive M365 amid fragmented market

  Dec. 7, 2022

• Rackspace says ransomware disrupted its Hosted Exchange business

  Dec. 6, 2022

• Infostealer malware surges on dark web amid rise in MFA fatigue attacks

  Dec. 5, 2022

• Cyber Safety Review Board to probe Lapsus$ ransomware spree

  Dec. 2, 2022

• Defense Department launches zero trust, phasing out perimeter defense strategy

  Nov. 23, 2022

• Three-quarters of retail, hospitality applications have security flaws

  Nov. 22, 2022

• Palo Alto Networks reports strong fiscal Q1 as security needs outpace economic fears

  Nov. 21, 2022

• Offshore oil and gas at risk of potentially catastrophic cyberattack: GAO

  Nov. 18, 2022

• Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

  Nov. 16, 2022

• Critical infrastructure providers ask CISA to place guardrails on reporting requirements

  Nov. 16, 2022

• High risk, critical vulnerabilities found in 25% of all software applications and systems

  Nov. 15, 2022

• K-12 schools lack resources, funding to combat ransomware threat

  Nov. 14, 2022

• CISA warns unpatched Zimbra users to assume breach

  Nov. 11, 2022

• Citrix CVEs need urgent security updates, CISA says

  Nov. 10, 2022

• SolarWinds under SEC probe related to 2020 supply chain attack

  Nov. 9, 2022

• Microsoft finally releases security updates for ProxyNotShell zero days

  Nov. 8, 2022

• Mondelē​​z settlement in NotPetya case renews concerns about cyber insurance coverage

  Nov. 8, 2022

• NIST seeks water industry feedback on boosting cyber resilience

  Nov. 4, 2022

• CISA director bullish on private sector cooperation toward cybersecurity goals

  Nov. 3, 2022

• US ransomware payments surge to $1.2B in 2021: Treasury

  Nov. 2, 2022

• OpenSSL releases patch for 2 high-severity vulnerabilities after prior warning

  Nov. 1, 2022

• Critical OpenSSL vulnerability causes security industry to hold its breath

  Nov. 1, 2022

• Industrial providers ramp up cyber risk posture as OT threats evolve

  Oct. 31, 2022

• White House convenes dozens of countries to fight ransomware

  Oct. 31, 2022

• CISA aims for target rich, resource poor sectors in rollout of security basics

  Oct. 28, 2022

• CISA releases long-awaited cybersecurity performance goals for critical infrastructure

  Oct. 27, 2022

• GitHub vulnerability raises risk of open source supply chain attack

  Oct. 27, 2022

• Microsoft security business surges as cloud segment hit by slumping economy

  Oct. 26, 2022

• FTC orders Drizly to tighten data security practices as 2.5M consumers exposed

  Oct. 25, 2022

• Help wanted for 3.4M jobs: Cyber workforce shortage is an acute, worldwide problem

  Oct. 24, 2022

• White House plans IoT security labeling program for spring 2023

  Oct. 21, 2022

• National cybersecurity strategy to debut within months, White House official says

  Oct. 20, 2022

• TSA rolls out long-anticipated cyber directive for freight, passenger rail systems

  Oct. 19, 2022

• Uber ex-CSO verdict raises thorny issues of cyber governance and transparency

  Oct. 19, 2022

• Apache urges users to upgrade Common Text version to block ‘Text4Shell’ vulnerability

  Oct. 19, 2022

• Critical vulnerability surfaces in Apache Commons Text library

  Oct. 17, 2022

• Fortinet attacks escalate as company warns large swath of customers to upgrade

  Oct. 17, 2022

• White House to roll out Energy Star-like ratings for IoT

  Oct. 12, 2022

• CISA adds Fortinet CVE to vulnerability catalog after attacks escalate

  Oct. 12, 2022

• CISOs, corporate boards in wide disagreement on cyber resilience

  Oct. 10, 2022

• Microsoft struggles to mitigate Exchange Server CVEs as it races to complete patch

  Oct. 6, 2022

• Microsoft updates guidance to prevent future Exchange server attacks

  Oct. 5, 2022

• CISA orders federal IT overhaul with automated asset inventory, software scanning

  Oct. 4, 2022

• Microsoft warns of potential escalation for Exchange server zero days

  Oct. 3, 2022

• Microsoft investigating 2 zero-day vulnerabilities in Exchange Server

  Sept. 30, 2022

• C-suite, boards are prioritizing cybersecurity, but still expect increased threats

  Sept. 30, 2022

• State-linked actor targets VMware hypervisors with novel malware

  Sept. 29, 2022

• Most organizations had a cloud-related security incident in the past year

  Sept. 28, 2022

• Strict security rules could push open source community out of federal work, expert says

  Sept. 27, 2022

• American Airlines phishing attack involved unauthorized access to Microsoft 365

  Sept. 26, 2022

• Malicious OAuth applications used to control Exchange tenants in sweepstakes scam

  Sept. 23, 2022

• Organizations rapidly shift tactics to secure the software supply chain

  Sept. 22, 2022

• Stolen single sign-on credentials for major firms available for sale on dark web

  Sept. 21, 2022

• American Airlines targeted by threat actor in July data incident

  Sept. 20, 2022

• White House guidance on third-party software seen as a major test of cyber risk strategy

  Sept. 19, 2022

• LastPass says it contained August breach, leaving customer data and vaults secure

  Sept. 16, 2022

• Industrial control systems face more cyber risks than IT, expert testifies

  Sept. 16, 2022

• White House sets minimum security standards for federal software use

  Sept. 14, 2022

• Security vendor consolidation a priority for majority of organizations worldwide

  Sept. 14, 2022

• US is shoring up gaps in cyber policy, but critical goals remain unfulfilled

  Sept. 13, 2022

• US Treasury sanctions Iran intelligence agency following Albanian government attack

  Sept. 12, 2022

• CISA announces RFI for critical infrastructure cyber reporting mandate

  Sept. 9, 2022

• Researchers warn older D-Link routers are under threat from Mirai malware variant

  Sept. 8, 2022

• CISA Director: Tech industry should infuse security at product design stage

  Sept. 7, 2022

• PyPI contributors targeted by JuiceLedger in latest attack against open source

  Sept. 6, 2022

• Feds push for developers to take lead in securing software supply chain

  Sept. 2, 2022

• CrowdStrike, Palo Alto earnings show resilience in cyber investments amid macro concerns

  Sept. 1, 2022

• Slack enhances platform security amid rapid expansion and heightened risk

  Aug. 31, 2022

• Google tackles open source security with vulnerability rewards program

  Aug. 30, 2022

• Changing cyber insurance guidance from Lloyd’s reflects a market in turmoil

  Aug. 29, 2022

• Researchers say Cisco firewall software remains vulnerable to attack despite patch

  Aug. 26, 2022

• LastPass breached, portions of source code stolen, CEO says

  Aug. 26, 2022

• Threat actors again target critical SAP ICMAD vulnerabilities

  Aug. 23, 2022

• Media companies at high risk of malicious cyberattack: Report

  Aug. 22, 2022

• Risk of cyberattack emerges as top concern of US executives

  Aug. 19, 2022

• Mailchimp breach shines new light on digital identity, supply chain risk

  Aug. 18, 2022

• DigitalOcean, caught in Mailchimp security incident, drops email vendor

  Aug. 17, 2022

• Zero trust adoption skyrockets, nearing universal adoption

  Aug. 16, 2022

• CISA director lauds first-year efforts of public-private cyber collaborative

  Aug. 15, 2022

• Critical flaws on widely used Cisco firewalls left unpatched for months

  Aug. 12, 2022

• Log4j was the right incident for inaugural review, safety board says

  Aug. 11, 2022

• Blockchain, privacy advocates push back on Tornado Cash sanctions

  Aug. 10, 2022

• Businesses boost software supply chain security, but strategies remain fragmented

  Aug. 9, 2022

• Twitter vulnerability risk resurfaces, testing the security of pseudonymous users

  Aug. 8, 2022

• White House to incorporate performance metrics into national cybersecurity strategy

  Aug. 5, 2022

• US must take a lead role in cyber diplomacy, State Dept. nominee says

  Aug. 4, 2022

• Threat actors hide malware in legitimate — and high profile — applications

  Aug. 3, 2022

• Initial access brokers selling online access to unsuspecting MSPs

  Aug. 2, 2022

• Threat actors shifting tactics as Microsoft blocks, unblocks and reblocks macros

  July 29, 2022

• CISA expands cyber relationship with Ukraine authorities

  July 28, 2022

• Mandiant red team breaches OT servers to mimic crime group techniques

  July 27, 2022

• Uber reaches non-prosecution deal with feds after concealing data breach

  July 26, 2022

• Google backs federal review board's Log4j, open source security push

  July 25, 2022

• TSA revises cybersecurity requirements for oil and gas pipelines

  July 22, 2022

• Where 5 programs are investing to close cyber skills gap

  July 21, 2022

• White House takes on cyber workforce gap through 120-day apprenticeship sprint

  July 20, 2022

• State-backed threat actors use Google Drive, Dropbox to launch attacks

  July 19, 2022

• Google deal to buy Mandiant clears key antitrust hurdle

  July 19, 2022

• CISA eyes cross-pond cyber cooperation with London office

  July 18, 2022

• Companies cannot see — or protect — nearly half of all device endpoints

  July 13, 2022

• Microsoft rollback on macro blocking in Office sows confusion

  July 11, 2022

• Mid-sized companies grapple with response to cyber crises

  July 8, 2022

• Apple's coming security features an answer to government-backed spyware

  July 7, 2022

• Threat actors capitalize on red team tool capable of bypassing EDR, antivirus

  July 6, 2022

• Google TAG exposes hack-for-hire groups targeting activists and sensitive data

  July 5, 2022

• Federal authorities warn MedusaLocker ransomware targeting remote desktop vulnerabilities

  July 1, 2022

• Google enhances password manager to boost security across platforms

  June 30, 2022

• Cash-strapped Main Street organizations face global cyberthreats

  June 29, 2022

• New York names first chief cyber officer

  June 28, 2022

• Carnival to pay $5M for cyber violations to NY financial regulator

  June 27, 2022

• Organizations lag on confidence and policies to manage open source security

  June 24, 2022

• Department of Energy rethinks cyber resilience in strategy to secure the grid

  June 23, 2022

• Dozens of vulnerabilities threaten major OT device makers

  June 21, 2022

• Microsoft releases long sought patch for Office Follina zero day as CISA, customers assess impact

  June 15, 2022

• Microsoft resolves critical vulnerability in Azure Synapse after prior patches fall short

  June 14, 2022

• Tenable CEO calls out Microsoft on lack of transparency on vulnerabilities

  June 13, 2022

• Threat actors deploy new attack methods as Microsoft Follina vulnerability lingers

  June 10, 2022

• FBI, CISA issue warning on China-backed cyber threats against the telecom industry

  June 8, 2022

• Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation

  June 7, 2022

• Atlassian releases fix for critical zero day impacting Confluence

  June 3, 2022

• CISA issues warning after critical zero day hits Atlassian's Confluence

  June 3, 2022

• Russia, backed by ransomware gangs, actively targeting US, FBI director says

  June 2, 2022

• Microsoft zero day under attack as industry awaits patch

  June 1, 2022

• Microsoft Office zero day leaves researchers scrambling over the holiday weekend

  May 31, 2022

• Oil and gas industry pledges cyber cooperation at World Economic Forum

  May 26, 2022

• Feds remain in the dark as ransomware disclosure lags

  May 25, 2022

• Russian disinformation campaigns disrupt Ukraine narrative

  May 24, 2022

• Feds release grim reminder: Threat actors prey on basic security mishaps

  May 20, 2022

• Biden administration makes inroads amid zero trust rollout

  May 19, 2022

• How the Colonial Pipeline attack instilled urgency in cybersecurity

  May 17, 2022

• Tech giants pledge multimillion down payment to secure open source

  May 13, 2022

• White House cyber executive order still has unfinished business

  May 12, 2022

• US, allies blame Russia for Viasat cyberattack

  May 11, 2022

• Colonial Pipeline faces nearly $1M in penalties as federal regulator discloses violations

  May 6, 2022

• Microsoft, Apple and Google double down on FIDO passwordless standard

  May 5, 2022

• Ukraine cyberthreat activity ramps up against critical infrastructure, governments

  May 4, 2022

• Critical CVEs put Aruba Networks, Avaya enterprise switches at risk

  May 3, 2022

• Familiar names top 2021's most-exploited vulnerabilities list

  May 2, 2022

• M&A sets record pace as ransomware, nation-state threats fuel security demand

  April 29, 2022

• Ransomware attacks, payouts soared worldwide in 2021: report

  April 27, 2022

• Emotet botnet tests new techniques after global crackdown

  April 26, 2022

• AWS reissues Log4Shell hotpatch after vulnerabilities found

  April 22, 2022

• Cyber agencies renew warnings of Russia-linked threats against industrial targets

  April 21, 2022

• Threat detection accelerates in Asia, Europe, as notification trends shift

  April 19, 2022

• Authorities warn dangerous new malware can shut down, sabotage industrial sites

  April 14, 2022

• Microsoft intercepts Zloader botnet, a distributor for Ryuk ransomware

  April 14, 2022

• Datto, SailPoint acquired for more than $6B each amid growing cyber consolidation

  April 11, 2022

• Microsoft blocks Russian cyberattacks linked to Ukraine war

  April 8, 2022

• DOJ disrupts Russia-backed Cyclops Blink botnet

  April 7, 2022

• Federal authorities urged to bolster intel sharing amid nation-state threats

  April 6, 2022

• State Department launches cyber bureau amid rising global tensions

  April 5, 2022

• Viasat network cyberattack linked to newly discovered Russian wiper

  April 1, 2022

• Biden administration's FY 2023 budget includes 11% increase for cyber

  March 30, 2022

• Nation-state threat actors remain steps ahead of defenders

  March 28, 2022

• White House warns US of possible Russian cyberattack linked to Ukraine invasion

  March 21, 2022

• Cyberthreats grow as US, NATO countries press Russia sanctions

  March 18, 2022

• Russian state-sponsored actors target PrintNightmare, MFA settings

  March 16, 2022

• What cyber incident reporting rules mean for critical infrastructure

  March 15, 2022

• Congress adds historic cyber incident reporting rule to massive $1.5 trillion package

  March 11, 2022

• CrowdStrike shares surge on strong Q4 earnings and robust annual forecast

  March 10, 2022

• Russian cyberattacks surprisingly limited in Ukraine, US officials say

  March 9, 2022

• Google swoops in to buy Mandiant for $5.4B after weeks of market speculation

  March 8, 2022

• Sinclair losses mount as ransomware costs exceed insurance policy

  March 7, 2022

• Ukraine war tests cyber insurance exclusions

  March 3, 2022

• New wiper, worm attacks emerge in Ukraine targeting government and industry

  March 1, 2022

• Cyberattack on Nvidia results in data leak, credential theft

  Feb. 25, 2022

• DHS to lead federal response to Russia-Ukraine crisis

  Feb. 25, 2022

• Botnets, data wiping malware spread as Ukraine incursion begins

  Feb. 24, 2022

• Colonial Pipeline names cybersecurity veteran as first CISO

  Feb. 23, 2022

• Security hampers enterprise cloud adoption: report

  Feb. 22, 2022

• US links Russia to Ukraine DDoS attacks

  Feb. 18, 2022

• Critical SAP CVEs leave broad exposure, fixes require downtime

  Feb. 17, 2022

• Officials warn of asymmetric cyberattacks as Ukraine conflict simmers

  Feb. 16, 2022

• Log4j highlights ongoing cyber risk from free, open source software: Moody's

  Feb. 11, 2022

• Critical SAP vulnerabilities spur CISA, researcher pleas for urgent patching

  Feb. 10, 2022

• Apache tells US Senate committee the Log4j vulnerability could take years to resolve

  Feb. 9, 2022

• NIST targets software supply chain with guidance on security standards

  Feb. 7, 2022

• DHS adds review board to advise federal response to major cyberattacks

  Feb. 3, 2022

• Threat actors pressure OT, critical infrastructure by leaking sensitive data

  Feb. 2, 2022

• Conflict over Ukraine raises cyber risk for US enterprises

  Feb. 1, 2022

• Blackberry links initial access broker activity to Log4Shell exploit in VMware Horizon

  Jan. 26, 2022

• DHS warns local authorities, critical infrastructure providers over potential Russia threat

  Jan. 25, 2022

• Boards, CISOs seek alignment on OT security challenges

  Jan. 24, 2022

• Ukraine tensions raise cyberthreats against US companies, critical infrastructure

  Jan. 21, 2022

• Log4j raises cyber risk for public finance entities, Fitch warns

  Jan. 19, 2022

• Cobalt Strike targets VMware Horizon after UK warnings of Log4Shell threats

  Jan. 18, 2022

• Big tech pushes White House for open source funding, standards after Log4j

  Jan. 14, 2022

• FCC seeks stronger breach reporting rules for telecoms

  Jan. 13, 2022

• Log4j threat activity limited, but CISA says actors lay in wait

  Jan. 11, 2022

• Log4Shell threat activity targeting VMware Horizon, UK researchers warn

  Jan. 10, 2022

• Can SOAR technology help SOCs regain the advantage in threat detection?

  Jan. 7, 2022

• FTC threatens enforcement on firms lax about Log4j vulnerability

  Jan. 5, 2022

• Log4j activity expected to play out well into 2022

  Jan. 4, 2022

• US allies call for Log4j vigilance as organizations struggle to detect vulnerabilities

  Dec. 23, 2021

• Organizations still downloading vulnerable Log4j versions

  Dec. 22, 2021

• Federal authorities brace for long holiday as Log4j threat activity rises

  Dec. 20, 2021

• Log4j: What we know (and what's yet to come)

  Dec. 17, 2021

• Log4j attacks poised to rise as threat actors search for attack vectors

  Dec. 16, 2021

• Log4j threat expands as second vulnerability emerges and nation states pounce

  Dec. 15, 2021

• Log4j under siege, millions of devices vulnerable

  Dec. 14, 2021

• Federal authorities, technology vendors race to contain Log4j vulnerability

  Dec. 13, 2021

• Is the security of legacy IT providers prompting a confidence crisis?

  Dec. 8, 2021

• A year later, Nobelium-linked threat actors still target businesses, government

  Dec. 6, 2021

• Insurer Lloyd's slashes coverage on state-sponsored cyberattacks, reflecting battered market

  Dec. 3, 2021

• Majority of US retailers, critical infrastructure unscathed after holiday cyber warnings

  Nov. 30, 2021

• Crypto becoming the preferred currency of cybercriminals and rogue governments

  Nov. 24, 2021

• GoDaddy breach raises questions about how to secure identity in the enterprise

  Nov. 23, 2021

• Enterprises prepare for ransomware threats during Thanksgiving

  Nov. 22, 2021

• 30K Microsoft Exchange Servers remain vulnerable to new tactics

  Nov. 18, 2021

• Companies urged to alert federal law enforcement in ransomware cases

  Nov. 17, 2021

• Threat actor breaches HPE's Aruba Central via data repository access key

  Nov. 16, 2021

• Banks outpace other industries in cyber investments, defense strategies: report

  Nov. 15, 2021

• A year after SolarWinds, third-party risk still threatens the software supply chain

  Nov. 12, 2021

• US backs Paris-led effort on cybersecurity cooperation

  Nov. 11, 2021

• Trust is becoming a CISO priority, boosts customer stickiness

  Nov. 10, 2021

• DOJ unveils charges, money seizures in multinational crackdown against REvil

  Nov. 9, 2021

• Pentagon revamps CMMC program to help SMBs meet compliance standards

  Nov. 5, 2021

• Sinclair Broadcast still assessing financial impact of ransomware attack

  Nov. 4, 2021

• Ransomware actors attempt to toy with stock valuation, disrupt M&A, FBI says

  Nov. 3, 2021

• Most companies dealing with employee misuse of business apps: report

  Nov. 2, 2021

• SolarWinds threat actor targets cloud services, Microsoft 365 mailboxes

  Nov. 1, 2021

• Twitter eyes phishing deterrence with security key rollout

  Oct. 29, 2021

• Corporate boards, C-suite finally prioritize cyber after years of business risk

  Oct. 27, 2021

• Supply chain attacks lift debate on how to manage software vulnerabilities

  Oct. 21, 2021

• Sinclair Broadcast becomes latest media group to face ransomware attack

  Oct. 19, 2021

• Federal agencies warn of ransomware targeting water, wastewater treatment plants

  Oct. 18, 2021

• Ransomware summit takeaways: Pledges to disrupt safe havens, money laundering

  Oct. 15, 2021

• Biden administration seeks international progress on ransomware fight

  Oct. 14, 2021

• Cybersecurity tool sprawl leading to burnout, false positives: report

  Oct. 13, 2021

• War room preparation key to ransomware response, experts say

  Oct. 11, 2021

• DOJ cracks down on ransomware with cyber task force, civil fraud initiative

  Oct. 7, 2021

• Insider threat environment faces challenges amid changing corporate landscape

  Oct. 6, 2021

• Top global companies falling short in protecting domain security

  Oct. 5, 2021

• REvil, DarkSide highlight surge in Q2 ransomware attacks: report

  Oct. 4, 2021

• Threat actors more frequently — and successfully — target Active Directory

  Sept. 30, 2021

• Microsoft, under attack from threat actors, positions itself as cyber guardian

  Sept. 29, 2021

• Microsoft warns of new credential-stealing backdoor from SolarWinds threat actor

  Sept. 28, 2021

• Ransomware compromises customer data in farm co-op attack

  Sept. 23, 2021

• Enterprises plan major investments as remote work escalates security risk: report

  Sept. 22, 2021

• BlackMatter gang targets Iowa agriculture cooperative in a test of critical infrastructure

  Sept. 21, 2021

• Companies must develop operational plan for ransomware recovery

  Sept. 17, 2021

• Boards rethink incident response playbook as ransomware surges

  Sept. 15, 2021

• Executives fail to make software supply chain security a priority, report finds

  Sept. 14, 2021

• Fortinet credential drop linked to fissure in ransomware group

  Sept. 10, 2021

• InfoSec teams under pressure to compromise security for productivity: report

  Sept. 9, 2021

• Exploits underway for Microsoft zero day leveraging Office documents

  Sept. 8, 2021

• Cybersecurity discussion growing in regulatory filings

  Sept. 8, 2021

• Neuberger amplifies Labor Day ransomware fears

  Sept. 3, 2021

• Machine identity remains a mystery, threatening digital security

  Sept. 2, 2021

• Ransomware capitalizes on holiday weekends. Feds urge vigilance over Labor Day

  Sept. 1, 2021

• Azure flaw exposes enterprise databases, raising questions on cloud security

  Aug. 30, 2021

• Facility management worried about OT cybersecurity, but few plan to fix it

  Aug. 27, 2021

• More threats target Linux, a foundation for the cloud, report finds

  Aug. 25, 2021

• Microsoft Exchange vulnerabilities targeted in ProxyShell attacks

  Aug. 24, 2021

• Men more likely to engage in risky online behavior: report

  Aug. 20, 2021

• Up to 83M IoT devices at risk of remote access

  Aug. 18, 2021

• How much does phishing really cost the enterprise?

  Aug. 17, 2021

• Insider risk surges as resignations mount

  Aug. 13, 2021

• Criminal middlemen administer access to privileged accounts

  Aug. 12, 2021

• APT actors target Microsoft 365 using novel techniques

  Aug. 6, 2021

• Decade-old router flaw allows cross-network access, Tenable finds

  Aug. 4, 2021

• Ransomware, supply chain attacks put cyber insurers on notice

  July 28, 2021

• OT cyberattacks could threaten human safety by 2025: Gartner

  July 26, 2021

• No ransom paid to obtain decryptor, Kaseya says

  July 23, 2021

• Lack of visibility leaves critical infrastructure vulnerable to ransomware

  July 22, 2021

• White House ties cyberattacks to China, but private sector awaits stronger action

  July 20, 2021

• WFH shift tests resilience of financial services amid surge in phishing, ransomware

  July 16, 2021

• Behind the Firewall: How 6 security execs screen vendors

  July 16, 2021

• Kaseya restores SaaS monitoring service after REvil ransomware attack

  July 12, 2021

• Kaseya: What's known (and unknown) about the ransomware attack

  July 9, 2021

• Kaseya postpones service restoration, apologizes for attack

  July 8, 2021

• Kaseya misses first attempt to restore SaaS following REvil attack

  July 7, 2021

• Kaseya wrestles with service restoration following supply chain attack

  July 6, 2021

• Ransomware attack against Kaseya creates rippling supply chain compromise

  July 2, 2021

• Cloud targeted in widespread brute force campaign

  July 2, 2021

• Cobalt Strike rising in prominence among criminal threat actors

  July 1, 2021

• Critical goods industries face existential ransomware decisions

  June 30, 2021

• Spoofing, spear phishing dominate BEC attacks: report

  June 29, 2021

• Microsoft customer service agent briefly hit by fresh Nobelium attacks

  June 28, 2021

• Behind the Firewall: How 5 cyber execs got started in security

  June 25, 2021

• Gaps in DOD supply chain leave Pentagon vulnerable: report

  June 24, 2021

• Infosec execs still lack direct access to the CEO: study

  June 22, 2021

• Attacks against container supply chains grow more sophisticated

  June 21, 2021

• Critical infrastructure sites face greater cyberthreat amid remote connectivity

  June 18, 2021

• Biden confronts Putin on cyberattacks, private sector optimistic

  June 17, 2021

• CISOs, CIOs see heightened mobile security threat amid shift to hybrid

  June 16, 2021

• Patched Microsoft Teams vulnerability shows the delicacy of messaging platforms

  June 15, 2021

• Codecov to sunset Bash Uploader following April supply chain attack

  June 14, 2021

• Behind the Firewall: How 9 execs implement cybersecurity at home

  June 11, 2021

• Colonial CEO defends oversight response, urges transparency on ransomware

  June 10, 2021

• Colonial CEO says ransomware hackers exploited legacy VPN

  June 9, 2021

• Apple's privacy, security features seen as favorable to enterprise remote work

  June 8, 2021

• Data breaches, poor cyber practices raise cost of borrowing: study

  June 7, 2021

• CISOs earn higher profile with remote work, evolving threats

  June 3, 2021

• Phishing attack against US government, NGOs shakes assumptions on containment

  June 2, 2021

• APT actors ramp up cyber campaign targeting Pulse Secure VPNs

  May 28, 2021

• Behind the Firewall: 4 cyber executives on security disasters they avoided

  May 28, 2021

• Compromised cloud costs companies $6.2M annually, study finds

  May 27, 2021

• Threat actors scan for vulnerabilities faster than enterprises can respond: Palo Alto

  May 26, 2021

• Off-the-shelf tools, unsophisticated techniques threaten industrial systems

  May 25, 2021

• Ransomware seen as top cyberthreat as extortion demands, payouts soar

  May 24, 2021

• SolarWinds CEO extends hack timeline, rethinks intern blame

  May 20, 2021

• White House to take proactive role in ransomware fight

  May 19, 2021

• AI will change scale and scope of hacking, security expert says

  May 18, 2021

• Ransomware fears escalate as Irish health service, Toshiba unit targeted

  May 14, 2021

• Colonial Pipeline begins fuel delivery relaunch after ransomware attack

  May 13, 2021

• Colonial Pipeline disconnects OT systems to silo ransomware IT threat

  May 12, 2021

• Critical infrastructure flaws surface after years of underinvestment, inaction

  May 11, 2021

• Colonial Pipeline attack embodies security risk to nation's critical infrastructure

  May 10, 2021

• VPN vulnerabilities haunt defense industry as threat actors find new openings

  May 10, 2021

• Targeted industrial control systems add cautionary flag to cyber defense strategies

  May 6, 2021

• Cyberthreats dog the US supply chain, complicated by global competition

  May 5, 2021

• Password managers are a necessary — yet vulnerable — last line of defense

  May 4, 2021

• XDR to succeed legacy technologies as emerging threats pressure security

  May 3, 2021

• First Horizon breach highlights rising threats against financial institutions

  April 29, 2021

• Passwordstate customers targeted with new round of phishing attacks

  April 29, 2021

• Work from home means far less security visibility, report says

  April 28, 2021

• Cyberattack on Passwordstate tests confidence in password managers

  April 27, 2021

• Codecov hack — likened to SolarWinds — targets software supply chain

  April 23, 2021

• Attackers leverage Pulse Secure VPNs to target defense, financial industries

  April 22, 2021

• CISOs call for holistic enterprise approach to third-party security risk

  April 21, 2021

• Companies take second look at third-party risk management programs

  April 20, 2021

• US companies plot return to office, raising questions on hybrid security

  April 19, 2021

• Poor management of privileged accounts leaves organizations open to attack

  April 15, 2021

• Feds launch coordinated effort to mitigate remaining Microsoft Exchange flaws

  April 14, 2021

• Half of business continuity changes hurt cybersecurity, study shows

  April 12, 2021

• Enterprise security leaders fear rising AI use among threat actors: report

  April 9, 2021

• VPN security falls short as demand increases for remote workforce at scale

  April 7, 2021

• Employees can't quit habit of writing down, sharing passwords

  April 6, 2021

• Enterprises lag on firmware security spending in face of rising threat

  April 1, 2021

• Molson Coors incident shines a light on industrial cyberattack vulnerabilities

  March 30, 2021

• Security leaders: Expect more insider data leaks, threats in 2021

  March 29, 2021

• Babuk ransomware group emerges with new claims against US companies

  March 26, 2021

• Remote work gives rise to more executive credential theft

  March 25, 2021

• Threat data sharing considered critical to defense amid rise in sophisticated attacks: report

  March 24, 2021

• Spending on IAM, zero trust to rise as companies extend remote work

  March 23, 2021

• SolarWinds threat actors accessing Microsoft 365 by altering permissions

  March 22, 2021

• Microsoft Exchange fixes arrive, but some companies lack IT resources to repair

  March 19, 2021

• Mimecast migrates to Cisco following supply chain attack

  March 17, 2021

• White House looks to tighten private sector coordination, gain infrastructure insight

  March 15, 2021

• Microsoft deploys more updates to contain Exchange server fallout

  March 12, 2021

• Enterprises scramble to secure Microsoft Exchange as cybercriminals rush in

  March 10, 2021

• Microsoft Exchange server compromise escalates as mitigation efforts fall short

  March 8, 2021

• 3 new malware strains show persistence, sophistication of SolarWinds actor

  March 5, 2021

• Qualys confirms data breach related to Accellion after documents leak

  March 4, 2021

• Malicious email campaigns target business platforms following remote work surge

  March 4, 2021

• Exploited Microsoft Exchange campaign hits hundreds of organizations, researchers find

  March 3, 2021

• Companies overestimate ability to manage remote worker security

  March 2, 2021

• Google Cloud enters cyber insurance collaboration with Allianz, Munich Re

  March 2, 2021

• SolarWinds missed early security warnings

  March 1, 2021

• SolarWinds execs warn of short-term impacts from cyberattack, as renewal rates slow

  Feb. 26, 2021

• Researchers find vulnerabilities inside multiple virtual event, business platforms

  Feb. 25, 2021

• Senate SolarWinds hearing turns attention to breach notification laws, intel sharing

  Feb. 24, 2021

• Apple faces malware threats as it makes an enterprise push

  Feb. 23, 2021

• Microsoft says it was not a SolarWinds attack vector, after completing internal probe

  Feb. 19, 2021

• Water system hack reveals thousands of organizations vulnerable to Window 7 exposure

  Feb. 19, 2021

• Ransomware, poor security drove spike in healthcare breaches in 2020

  Feb. 17, 2021

• Organizations running SolarWinds Orion online drops 25% since December: report

  Feb. 12, 2021

• White House taps Neuberger to lead SolarWinds government response

  Feb. 11, 2021

• SolarWinds fallout turns security eye to Microsoft Office 365

  Feb. 9, 2021

• Mimecast to cut 4% of workforce in restructuring as breach probe continues

  Feb. 4, 2021

• FireEye reports record revenue in first report since Red Team hack

  Feb. 3, 2021

• Supply chain attacks could open up vendor competition, Moody's says

  Feb. 2, 2021

• Supply chain attacks renew focus on limiting privileged access to cloud data

  Jan. 29, 2021

• Cyberattacks cost financial firms $4.7M on average last year: report

  Jan. 28, 2021

• Biden campaign cyber chief named federal CISO

  Jan. 27, 2021

• Privacy investments mitigate security losses, report finds

  Jan. 26, 2021

• Cyberthreat trends in the remote work landscape

  Jan. 25, 2021

• Cyber defense panel sees more private sector coordination following SolarWinds

  Jan. 20, 2021

• Malwarebytes attack linked to SolarWinds' nation-state actors, CEO says

  Jan. 20, 2021

• Financial services companies embrace cloud as security concerns grow

  Jan. 15, 2021

• Mimecast attributes supply chain attack to SolarWinds' hackers

  Jan. 14, 2021

• With cyber bureau, State Department brings diplomacy to threat landscape

  Jan. 11, 2021

• SolarWinds attack leads to renewed focus on IT relationships with corporate boards

  Jan. 7, 2021

• Federal task force says Russia likely actor behind SolarWinds attack

  Jan. 5, 2021

• Fast-growing gaming industry faces rising threat of account compromise

  Jan. 5, 2021

• Full impact of SolarWinds attack begins to emerge across tech sector, federal agencies

  Dec. 23, 2020

• SolarWinds breach reminds companies to be proactive in managing trust, disclosure

  Dec. 22, 2020

• Tracking SolarWinds cyberattack fallout, play-by-play

  Dec. 18, 2020

• After years in the lab, IBM ready to take homomorphic encryption into the mainstream

  Dec. 18, 2020

• FireEye killswitch stops SolarWinds hack

  Dec. 16, 2020

• SolarWinds Orion vulnerability: What security teams need to know

  Dec. 15, 2020

• IT execs face growing pressure to balance security with productivity

  Dec. 14, 2020

• SolarWinds Orion flaw linked to government cyberattacks

  Dec. 14, 2020

• Federal agencies warn of heightened cyberthreats against K-12 schools

  Dec. 11, 2020

• NSA calls out Russia-backed exploit of VMware virtual workspace platform

  Dec. 8, 2020

• Kmart's reported ransomware attack highlights ongoing threat to retail

  Dec. 4, 2020

• IoT cyber bill clears Congress — what's next for industry players?

  Dec. 3, 2020

• Proactive technology upgrades prevent security nightmares, report finds

  Dec. 1, 2020

• Sharp rise in IT spending as cyberthreats evolve, Crowdstrike finds

  Nov. 25, 2020

• Home Depot codifies data reforms in $17.5M breach settlement with states

  Nov. 25, 2020

• Defense industry CISOs prepare for cybersecurity compliance audits

  Nov. 23, 2020

• Carnegie researchers seek urgent action to combat financial cyberthreats

  Nov. 20, 2020

• Famed hacker Mudge to lead Twitter security after summer of attacks

  Nov. 17, 2020

• Voice, SMS not secure enough for multifactor authentication, Microsoft says

  Nov. 16, 2020

• Biden faces scrutiny on key appointments and policy priorities on privacy, cybersecurity

  Nov. 13, 2020

• Cybersecurity hiring spikes as pandemic forces global workforce restructuring

  Nov. 11, 2020