-
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA launches new wave of job cuts
Critics warn that drastic downsizing of the DHS unit will threaten the nation’s ability to counter cyber adversaries.
-
Mitre CVE program regains funding as renewal deal reached
The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities.
-
Hertz says personal data breached in connection with Cleo file-transfer flaws
The company is the latest organization to investigate or disclose an incident linked to a monthslong attack spree.
-
DaVita hit by ransomware attack
The kidney dialysis firm doesn’t have an estimate for how long disruption from the attack will last, though it stressed patients are still receiving care.
-
Attackers exploit zero-day flaw in Gladinet CentreStack file-sharing platform
Critical vulnerability affects both CentreStack and Gladinet’s on-premises file-sharing server, Triofox.
-
Over 14K Fortinet devices compromised via new attack method
Fortinet warned last week that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched.
-
Aviation sector faces heightened cyber risks due to vulnerable software, aging tech
A report calls on federal authorities to conduct comprehensive risk assessments and take steps to modernize the air traffic control system.
-
Remote access tools most frequently targeted as ransomware entry points
Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.
-
Fortinet warns of threat activity against older vulnerabilities
Researchers discovered a technique that allows threat actors to maintain read-only access to vulnerable FortiGate devices after they are patched.
-
Windows CLFS zero-day exploited in ransomware attacks
A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.
-
CISA adds Ivanti Connect Secure vulnerability to KEV catalog
CVE-2025-22457 is a critical stack buffer-overflow vulnerability. Ivanti had initially assessed it as a low-level product bug that could not be exploited remotely.
-
Sam’s Club investigating attack claim linked to Clop ransomware
The prolific gang is linked to the exploitation of critical flaws in Cleo file transfer software.
-
CISA urges fired probationary workers to respond after federal judge grants order
The agency plans to keep workers on paid administrative leave despite ongoing concerns about its ability to address cyber threats.
-
Hacker linked to Oracle Cloud intrusion threatens to sell stolen data
Security researchers from Trustwave SpiderLabs provided additional evidence backing up claims of a breach.
-
Solar power gear vulnerable to remote sabotage
Security flaws underscore the risk of cyber threat actors commandeering parts of the electric grid.
-
AI project failure rates are on the rise: report
The share of businesses scrapping most of their AI initiatives increased to 42% this year, up from 17% last year, according to S&P Global Market Intelligence.
-
Tech giants seek data standards amid AI push
Microsoft, IBM and Cisco are among the vendors backing the OASIS Data Provenance Standards Technical Committee announced last week.
-
FCC launches national security unit to counter state-linked threats to US telecoms
The new council is part of an effort to thwart Salt Typhoon and other cyber espionage groups.
-
82% of K-12 schools recently experienced a cyber incident
Cybercriminals are increasingly targeting school networks through phishing and social engineering, a cybersecurity nonprofit reported.
-
Majority of ransomware claims involved compromise of perimeter security devices
A report by cyber insurance firm Coalition shows six of every 10 ransomware claims involved a compromised VPN or firewall.
-
Former NSA cyber director warns drastic job cuts threaten national security
Rob Joyce told lawmakers mass layoffs of federal workers will hurt the ability of the U.S. to combat malicious cyber activity from China and other adversaries.
-
Eleven11bot estimates revised downward as researchers point to Mirai variant
The botnet has been involved in DDoS activity targeting telecom companies and gaming platforms.
-
CrowdStrike shares fall as company forecasts lower-than-expected results
The cybersecurity vendor is ending its customer commitment package, which was launched to help maintain existing relationships.
-
More than 86K IoT devices compromised by fast-growing Eleven11 botnet
The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.
-
Microsoft-signed driver used in ransomware attacks
Threat actors are exploiting a privilege escalation flaw in Paragon Partition Manager for “bring your own vulnerable driver” (BYOVD) attacks.