Critical flaw in Microsoft Copilot could have allowed zero-click attack

Researchers said the vulnerability, dubbed “EchoLeak,” could allow a hacker to access data without any specific user interaction.

Updated June 11, 2025

How AI agents could revolutionize the SOC — with human help

AI agents aren’t foolproof, but they could soon replace some of the most common tasks for cyber defenders.

Global law-enforcement operation targets infostealer malware

Authorities in three countries arrested 32 people and seized dozens of servers.

UNFI’s operations remain hobbled following cyberattack

The grocery company had to entirely shut down its network following the intrusion and is serving customers on only a “limited basis” as it works to recover, CEO Sandy Douglas said.

From malware to deepfakes, generative AI is transforming attacks

Generative AI is even helping hackers trick open-source developers into using malicious code, according to Gartner.

Marks & Spencer restores some online-order operations following cyberattack

The department store chain six weeks ago was one of the first targets in an international spree of attacks disrupting retailers.

Main distributor to Whole Foods hit by cyberattack

UNFI, a grocery retailer and wholesaler, is working to resume full operations following “unauthorized activity” involving its IT systems.

SentinelOne rebuffs China-linked attack — and discovers global intrusions

The security firm said the operatives who tried to breach it turned out to be responsible for cyberattacks on dozens of critical infrastructure organizations worldwide.

Updated June 9, 2025

Scattered Spider targeting MSPs, IT vendors in social engineering campaigns

The same group is believed to be behind a wave of attacks against retailers in the UK, the US and elsewhere.

Gartner: How to create a compelling SOC narrative for executives

Focus on financial impact, efficiency and risk management to ensure informed cybersecurity investment decisions. 

Trump scraps Biden software security, AI, post-quantum encryption efforts in new executive order

The White House accused the Biden administration of trying to “sneak problematic and distracting issues into cybersecurity policy.” 

Data security is a CX issue, too

A string of cyberattacks have targeted retailers like Adidas and North Face. Incidents like these can weaken customer trust and lead to lost business, experts say.

Corporate executives face mounting digital threats as AI drives impersonation

Malicious actors are using deepfakes and voice-cloning technology to target senior executives in both the workplace and personal spaces.

Trump’s national cyber director nominee dodges criticism of funding cuts

Sean Cairncross said his managerial experience has prepared him well to lead a relatively new White House cyber unit.

Water utilities mitigate equipment flaws after researchers find widespread exposures

Censys researchers said hundreds of water treatment facilities have taken steps to protect against malicious cyber intrusions.

CISA workforce cut by nearly one-third so far

The agency has lost roughly 1,000 staffers in the wake of the Trump administration’s workforce cuts, losses that could imperil its ability to protect government computer systems and critical infrastructure.

FBI, CISA warn Play ransomware targeting critical infrastructure with evolving techniques

The hacker group has breached hundreds of organizations and is working with others to exploit flaws in a popular remote support tool.

Vast array of solar power equipment left exposed online

The most commonly exposed device has been discontinued and vulnerable for a decade, new research found.

Hackers abuse malicious version of Salesforce tool for data theft, extortion

A threat group is using voice phishing to trick targeted organizations into sharing sensitive credentials.

Trump’s cyber nominees gain broad industry support

CISA director and national cyber director nominees could transform how the federal government engages with the private sector on cybersecurity issues.

Updated June 3, 2025

Victoria’s Secret postponing release of report earnings amid breach impact

The intrusion follows a string of attacks that appear to be the work of the cybercrime gang Scattered Spider.

Microsoft, CrowdStrike, other cyber firms collaborate on threat actor taxonomy

After years of confusion, leading threat-intelligence companies will streamline how they name threat groups.  

Trump’s CISA budget lays out deep job cuts, program reductions

Critical infrastructure organizations and small businesses would get less support under the president’s fiscal 2026 funding plan.

Updated June 2, 2025

SentinelOne analysis links service disruption to software flaw

The outage had major impacts on enterprise customers’ ability to manage security operations, although federal customers were not affected.

Senate Democrats urge DHS to reconstitute CSRB

The lawmakers said the Cyber Safety Review Board’s work has made government agencies and private businesses more secure.