Cyberattacks


  • DaVita hit by ransomware attack

    The kidney dialysis firm doesn’t have an estimate for how long disruption from the attack will last, though it stressed patients are still receiving care.

    By Emily Olsen • April 15, 2025
  • Attackers exploit zero-day flaw in Gladinet CentreStack file-sharing platform

    Critical vulnerability affects both CentreStack and Gladinet’s on-premises file-sharing server, Triofox.

    By April 15, 2025
  • Over 14K Fortinet devices compromised via new attack method

    Fortinet warned last week that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched.

    By April 14, 2025
  • Fortinet warns of threat activity against older vulnerabilities

    Researchers discovered a technique that allows threat actors to maintain read-only access to vulnerable FortiGate devices after they are patched.

    By April 11, 2025
  • Windows CLFS zero-day exploited in ransomware attacks

    A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.

    By April 9, 2025
  • Over 5K Ivanti VPNs vulnerable to critical bug under attack

    China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.

    By April 8, 2025
  • Cisco confirms cyberattacks on Smart Licensing Utility flaw

    CISA earlier this week added CVE-2024-20439, a static credential vulnerability in the license management app, to its known exploited vulnerabilities catalog.

    By April 3, 2025
  • FTC chief flags data privacy concerns in 23andMe bankruptcy

    The company filed for bankruptcy after financial challenges over the past few years and a massive data breach in 2023.

    By Alexei Alexis • April 2, 2025
  • Ransomware gangs increasingly brandish EDR bypass tools

    Custom tool developed by RansomHub, dubbed “EDRKillShifter,” is used by several other rival ransomware gangs.

    By March 27, 2025
  • Russian threat actor weaponized Microsoft Management Console flaw

    A threat actor known as “EncryptHub” began exploiting the zero-day vulnerability before it was patched earlier this month.

    By Elizabeth Montalbano, Contributing Reporter • Updated March 26, 2025
  • Critical Apache Tomcat RCE vulnerability exploited

    Attack attempts via CVE-2025-24813 are underway, but successful attacks require specific, non-default configurations, according to GreyNoise.

    By March 24, 2025
  • Coinbase originally targeted during GitHub Action supply chain attack

    Researchers from Palo Alto Networks said the hackers likely planned to leverage an open source project of the company for additional attacks.

    By March 21, 2025
  • Medusa ransomware using malicious driver as EDR killer

    "ABYSSWORKER" imitates a CrowdStrike Falcon driver.

    By March 21, 2025
  • 11 nation-state groups exploit unpatched Microsoft zero-day

    The tech giant has yet to address a vulnerability that allows for malicious payloads to be delivered via Windows shortcut files and has been under active attack for eight years.

    By Elizabeth Montalbano, Contributing Reporter • March 19, 2025
  • RansomHub using FakeUpdates scheme to attack government sector

    The ransomware gang is collaborating with SocGholish, an extensive malware operation that employs compromised websites and fake browser updates.

    By March 18, 2025
  • Supply chain attack against GitHub Action triggers massive exposure of secrets

    The incident highlights ongoing security concerns in the software supply chain.

    By March 17, 2025
  • Black Basta uses brute-forcing tool to attack edge devices

    The ransomware gang developed an automated framework to guess weak and reused passwords on VPNs and firewalls.

    By March 17, 2025
  • Medusa ransomware slams critical infrastructure organizations

    The ransomware-as-a-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.

    By March 13, 2025
  • CISA: 3 Ivanti endpoint vulnerabilities exploited in the wild

    Researchers last month published a proof-of-concept exploit for the critical flaws in Endpoint Manager.

    By March 11, 2025
  • Critical PHP vulnerability under widespread cyberattack

    Telemetry data shows spikes in exploits of CVE-2024-4577 across several countries in recent months.

    By March 10, 2025
  • Cobalt Strike takedown effort cuts cracked versions by 80%

    Fortra, Microsoft and Health-ISAC partnership reduced unauthorized copies of red team tool over the last two years.

    By March 7, 2025
  • 37K+ VMware ESXi instances vulnerable to critical zero-day

    Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.

    By March 6, 2025
  • Cyberattacks targeting IT vendors intensify, causing bigger losses

    Ransomware criminals are on the hunt for prime targets that can yield bigger payouts, according to cyber risk management firm Resilience.

    By Alexei Alexis • March 6, 2025
  • Broadcom urges customers to patch 3 zero-day VMware flaws

    Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.

    By Elizabeth Montalbano, Contributing Reporter • March 5, 2025
  • More than 86K IoT devices compromised by fast-growing Eleven11 botnet

    The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.

    By March 4, 2025