Threats
-
Remote access tools most frequently targeted as ransomware entry points
Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.
By David Jones • April 11, 2025 -
Windows CLFS zero-day exploited in ransomware attacks
A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.
By David Jones • April 9, 2025 -
Trendline: Risk Management
An escalation of cyber risks facing businesses and government has made cyber resilience a major priority.
By Cybersecurity Dive staff -
Over 5K Ivanti VPNs vulnerable to critical bug under attack
China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.
By Rob Wright • April 8, 2025 -
Trump administration under scrutiny as it puts major round of CISA cuts on the table
Congressional members plan to raise questions Tuesday as hundreds of critical jobs could be slashed in the coming weeks.
By David Jones • April 7, 2025 -
CISA, FBI warn of fast flux technique used to hide malicious servers
Criminal and state-linked hackers use fast-changing DNS records to make it harder for defenders to detect or disrupt malicious activity.
By David Jones • April 4, 2025 -
Mass login scans of PAN GlobalProtect portals surge
Nearly 24K unique IP addresses have attempted to access portals in the last 30 days, raising concerns of imminent attacks.
By Elizabeth Montalbano, Contributing Reporter • April 2, 2025 -
Check Point Software confirms security incident but pushes back on threat actor claims
A malicious hacker recently offered to sell the security firm’s sensitive customer information.
By David Jones • April 2, 2025 -
FTC chief flags data privacy concerns in 23andMe bankruptcy
The company filed for bankruptcy after financial challenges over the past few years and a massive data breach in 2023.
By Alexei Alexis • April 2, 2025 -
Critical vulnerability in CrushFTP file transfer software under attack
Questions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21.
By Rob Wright • April 1, 2025 -
Hacker linked to Oracle Cloud intrusion threatens to sell stolen data
Security researchers from Trustwave SpiderLabs provided additional evidence backing up claims of a breach.
By David Jones • March 31, 2025 -
Threat actor in Oracle Cloud breach may have gained access to production environments
Researchers from CloudSEK are analyzing a data sample from a threat actor that claimed a massive breach involving 6 million records.
By David Jones • March 27, 2025 -
Ransomware gangs increasingly brandish EDR bypass tools
Custom tool developed by RansomHub, dubbed “EDRKillShifter,” is used by several other rival ransomware gangs.
By Rob Wright • March 27, 2025 -
FCC investigating China-linked companies over evasion of US national security measures
The agency is cracking down on the use of prohibited technologies following a series of hacks into US telecommunications firms.
By David Jones • March 24, 2025 -
Sponsored by Veracode: How ASPM gives you control over complex architectures
ASPM gives organizations control by unifying risk data, automating threat analysis, and prioritizing vulnerabilities based on their business impact.
By Sohail Iqbal, Chief Information Security Officer, Veracode • March 24, 2025 -
RansomHub using FakeUpdates scheme to attack government sector
The ransomware gang is collaborating with SocGholish, an extensive malware operation that employs compromised websites and fake browser updates.
By Rob Wright • March 18, 2025 -
Black Basta uses brute-forcing tool to attack edge devices
The ransomware gang developed an automated framework to guess weak and reused passwords on VPNs and firewalls.
By Rob Wright • March 17, 2025 -
FCC launches national security unit to counter state-linked threats to US telecoms
The new council is part of an effort to thwart Salt Typhoon and other cyber espionage groups.
By David Jones • March 13, 2025 -
Medusa ransomware slams critical infrastructure organizations
The ransomware-as-a-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.
By Rob Wright • March 13, 2025 -
Juniper MX routers targeted by China-nexus threat group using custom backdoors
The devices have reached end-of-life status and need to be upgraded, as the company stated in a security advisory.
By David Jones • March 12, 2025 -
Emerging botnet exploits TP-Link router flaw posing risk to US organizations
Ballista’s attacks on TP-Link devices come as U.S. lawmakers consider banning the company's products over suspected links to China.
By Elizabeth Montalbano, Contributing Reporter • March 12, 2025 -
82% of K-12 schools recently experienced a cyber incident
Cybercriminals are increasingly targeting school networks through phishing and social engineering, a cybersecurity nonprofit reported.
By Anna Merod • March 12, 2025 -
Former NSA cyber director warns drastic job cuts threaten national security
Rob Joyce told lawmakers mass layoffs of federal workers will hurt the ability of the U.S. to combat malicious cyber activity from China and other adversaries.
By David Jones • March 10, 2025 -
Cobalt Strike takedown effort cuts cracked versions by 80%
A Fortra, Microsoft and Health-ISAC partnership reduced unauthorized copies of the red team tool over the last two years.
By Rob Wright • March 7, 2025 -
Eleven11bot estimates revised downward as researchers point to Mirai variant
The botnet has been involved in DDoS activity targeting telecom companies and gaming platforms.
By David Jones • March 7, 2025 -
More than 86K IoT devices compromised by fast-growing Eleven11 botnet
The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.
By David Jones • March 4, 2025