Scattered Spider appears to pivot toward aviation sector

A cyberattack on Hawaiian Airlines carries some hallmarks of the notorious cybercrime group.

Updated June 27, 2025

Hackers exploiting critical Citrix Netscaler flaw, researchers say

After confirming exploitation of a separate zero-day flaw, Cloud Software Group promises to be transparent.

AI security issues dominate corporate worries, spending

Two reports illustrate how business leaders are thinking about and budgeting for generative AI.

United Natural Foods says cyberattack will reduce quarterly earnings

The company, which supplies Whole Foods and other grocery stores nationwide, had to disable electronic ordering systems while responding to the attack earlier this month.

Microsoft to make Windows more resilient following 2024 IT outage

The company has been working with security partners to make sure future software updates don’t lead to operational disruptions for customers.

Updated June 26, 2025

‘Suspended animation’: US government upheaval has frayed partnerships with critical infrastructure

Recent federal cuts, reorganizations and other disruptions have alarmed industry leaders, who say the government is a less reliable partner even as cyber threats increase.

Critical vulnerability in Citrix Netscaler raises specter of exploitation wave

Threat researchers warn the flaw could open up a flood of attacks that rival the 2023 CitrixBleed crisis. 

Updated June 25, 2025

Cyber insurance premiums drop for first time, report finds

Despite a decline in both premiums and prices, the market continues to be profitable.

Federal officials, critical infrastructure leaders remain on guard for Iran-linked hacks

Amid an uneasy truce, security teams in the U.S. said they have not seen any credible or specific threats.

Fewer ransomware attacks encrypting data, report finds

Hackers are increasingly performing extortion-only attacks.

Steelmaker Nucor restores operations, confirms limited data breach

The steel products giant said it does not expect the cyberattack to have a material impact on its operations.

DHS warns of heightened cyber threat as US enters Iran conflict

Federal officials are warning that pro-Iran hacktivists or state-linked actors may target poorly secured U.S. networks.

Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry

The breach marks the latest in a series of recent attacks linked to cybercrime group Scattered Spider.

Updated June 20, 2025

AWS CISO stumps for security as an AI enabler

AI’s rapid development underscores the need for secure foundations, Amy Herzog said Tuesday during the company’s annual cybersecurity conference.

Researchers urge vigilance as Veeam releases patch to address critical flaw

The patch for a previously disclosed vulnerability in the company’s backup software did not offer adequate protection, according to researchers.

Critical Zyxel vulnerability under active exploitation after long period of quiet

Researchers say a sudden burst of activity could be linked to a Mirai botnet variant.

Cloud storage buckets leaking secret data despite security improvements

New data from Tenable highlighted significant improvements in the number of businesses with publicly exposed and critically vulnerable buckets storing sensitive data.

FTC reminds car dealers to protect customer data

The commission described how recently updated federal regulations affect dealerships — and their vendors.

Updated June 17, 2025

Threat group linked to UK, US retail attacks now targeting insurance industry

The warning from Google researchers follows a recent incident at Erie Insurance, although the perpetrators of that attack have not been identified.

US critical infrastructure could become casualty of Iran-Israel conflict

Researchers warn that Iran-aligned threat groups could soon target U.S. companies and individuals in cyber espionage or sabotage attacks.

Cyberattacks top list of global business concerns, Kroll finds

Many companies feel unprepared to comply with global privacy and security rules, according to the advisory firm’s annual business sentiment survey.

SEC scraps proposed cybersecurity rules for investment advisers, market participants

The commission offered no rationale for removing rules that would have imposed security requirements on financial services providers.

Updated June 16, 2025

CISA warns of supply chain risks as ransomware attacks exploit SimpleHelp flaws

The latest confirmed cyber intrusion hit a utility billing software provider and its customers.

Software vulnerabilities pile up at government agencies, research finds

A Veracode report reveals that government networks have accumulated years of unresolved security flaws, putting them at serious risk of exploitation.

Critical flaw in Microsoft Copilot could have allowed zero-click attack

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

Updated June 11, 2025