Cyberattacks
DaVita hit by ransomware attack
The kidney dialysis firm doesn’t have an estimate for how long disruption from the attack will last, though it stressed patients are still receiving care.
By Emily Olsen • April 15, 2025
Attackers exploit zero-day flaw in Gladinet CentreStack file-sharing platform
Critical vulnerability affects both CentreStack and Gladinet’s on-premises file-sharing server, Triofox.
By Rob Wright • April 15, 2025
Over 14K Fortinet devices compromised via new attack method
Fortinet warned last week that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched.
By Rob Wright • April 14, 2025
Fortinet warns of threat activity against older vulnerabilities
Researchers discovered a technique that allows threat actors to maintain read-only access to vulnerable FortiGate devices after they are patched.
By Rob Wright • April 11, 2025
Windows CLFS zero-day exploited in ransomware attacks
A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.
By David Jones • April 9, 2025
Over 5K Ivanti VPNs vulnerable to critical bug under attack
China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.
By Rob Wright • April 8, 2025
Cisco confirms cyberattacks on Smart Licensing Utility flaw
CISA earlier this week added CVE-2024-20439, a static credential vulnerability in the license management app, to its known exploited vulnerabilities catalog.
By Rob Wright • April 3, 2025
FTC chief flags data privacy concerns in 23andMe bankruptcy
The company filed for bankruptcy after financial challenges over the past few years and a massive data breach in 2023.
By Alexei Alexis • April 2, 2025
Ransomware gangs increasingly brandish EDR bypass tools
Custom tool developed by RansomHub, dubbed “EDRKillShifter,” is used by several other rival ransomware gangs.
By Rob Wright • March 27, 2025
Russian threat actor weaponized Microsoft Management Console flaw
A threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month.
By Elizabeth Montalbano, Contributing Reporter • Updated March 26, 2025
Critical Apache Tomcat RCE vulnerability exploited
Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, according to GreyNoise.
By Rob Wright • March 24, 2025
Coinbase originally targeted during GitHub Action supply chain attack
Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for additional attacks.
By David Jones • March 21, 2025
Medusa ransomware using malicious driver as EDR killer
"ABYSSWORKER" imitates a CrowdStrike Falcon driver.
By Rob Wright • March 21, 2025
11 nation-state groups exploit unpatched Microsoft zero-day
The tech giant has yet to address a vulnerability that allows for malicious payloads to be delivered via Windows shortcut files and has been under active attack for eight years.
By Elizabeth Montalbano, Contributing Reporter • March 19, 2025
RansomHub using FakeUpdates scheme to attack government sector
The ransomware gang is collaborating with SocGholish, an extensive malware operation that employs compromised websites and fake browser updates.
By Rob Wright • March 18, 2025
Supply chain attack against GitHub Action triggers massive exposure of secrets
The incident highlights ongoing security concerns in the software supply chain.
By David Jones • March 17, 2025
Black Basta uses brute-forcing tool to attack edge devices
The ransomware gang developed an automated framework to guess weak and reused passwords on VPNs and firewalls.
By Rob Wright • March 17, 2025
Medusa ransomware slams critical infrastructure organizations
The ransomware-as-a-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.
By Rob Wright • March 13, 2025
CISA: 3 Ivanti endpoint vulnerabilities exploited in the wild
Researchers last month published a proof-of-concept exploit for the critical flaws in Endpoint Manager.
By Rob Wright • March 11, 2025
Critical PHP vulnerability under widespread cyberattack
Telemetry data shows spikes in exploits of CVE-2024-4577 across several countries in recent months.
By Rob Wright • March 10, 2025
Cobalt Strike takedown effort cuts cracked versions by 80%
Fortra, Microsoft and Health-ISAC partnership reduced unauthorized copies of red team tool over the last two years.
By Rob Wright • March 7, 2025
37K+ VMware ESXi instances vulnerable to critical zero-day
Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.
By Rob Wright • March 6, 2025
Cyberattacks targeting IT vendors intensify, causing bigger losses
Ransomware criminals are on the hunt for prime targets that can yield bigger payouts, according to cyber risk management firm Resilience.
By Alexei Alexis • March 6, 2025
Broadcom urges customers to patch 3 zero-day VMware flaws
Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.
By Elizabeth Montalbano, Contributing Reporter • March 5, 2025
More than 86K IoT devices compromised by fast-growing Eleven11 botnet
The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.
By David Jones • March 4, 2025