Cyberattacks
-
Hack could cost Coinbase up to $400M: filing
The crypto exchange is offering a $20 million reward for information leading to the hackers’ arrest. Coinbase terminated customer support agents who leaked customer data.
By Gabrielle Saulsbery • May 16, 2025 -
Tennessee’s largest school district sues PowerSchool over data breach
Memphis-Shelby County Schools’ federal lawsuit against the ed tech giant is among the latest that have been filed by over 100 other districts nationwide.
By Anna Merod • May 16, 2025 -
Researchers warn threat actors in UK retail attacks are targeting US sector
Google Threat Intelligence researchers say the hackers behind intrusions at multiple British retailers are launching similar social engineering attacks against American companies.
By David Jones • May 15, 2025 -
Steelmaker Nucor discloses cyberattack on IT network
The company halted production at various locations and took potentially affected systems offline.
By David Jones • May 14, 2025 -
UK retailer Co-op restoring systems following major cyberattack
The company is carefully ramping up systems and is boosting deliveries to its 2,300 food stores after stock issues.
By David Jones • May 14, 2025 -
M&S says hackers gained access to customer data in April cyberattack
The UK retailer said the payment data was masked and therefore not usable.
By David Jones • May 13, 2025 -
Lee Enterprises spent $2M for ransomware recovery
The newspaper chain said the attack will have lingering impacts on its balance sheet, and its lender waived certain payments.
By David Jones • May 12, 2025 -
Ransomware claims dipped slightly in 2024, cyber insurer says
A major cyber insurer’s annual report lays out how hackers are trying to steal money and how its policyholders responded.
By Eric Geller • May 7, 2025 -
Masimo says cyberattack has impacted its ability to fulfill orders
The maker of patient monitoring devices does not currently expect to change its earnings guidance.
By David Jones • May 7, 2025 -
UK authorities warn of retail-sector risks following cyberattack spree
Three major retail brands, including Harrods and M&S, have been targeted in recent weeks.
By David Jones • May 5, 2025 -
Operational impacts top list of vendor risk worries, study finds
The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks.
By Eric Geller • May 1, 2025 -
AI-fueled cybercrime may outpace traditional defenses, Check Point warns
The security firm said in a new report that defenders should begin using AI to counter cyber criminals’ adoption of the technology.
By Eric Geller • April 30, 2025 -
Critical vulnerability in SAP NetWeaver Visual Composer leads to confirmed compromises
Thousands are exposed and potentially vulnerable as researchers warn of widespread exploitation.
By David Jones • Updated April 30, 2025 -
FBI seeks public tips about Salt Typhoon
The bureau’s public alert follows months of conversations with the telecom industry about the far-reaching cyber espionage campaign by a Chinese nation-state threat actor.
By Eric Geller • April 28, 2025 -
BEC scams, investment fraud accounted for biggest cybercrime losses in 2024
Americans lost $16.6 billion to cyber fraud last year, according to an FBI report, with phishing, spoofing and extortion topping the list of complaints.
By Eric Geller • April 23, 2025 -
Conduent warns January breach impacted a ‘significant’ number of people
The company incurred a material amount of nonrecurring expenses during Q1 related to potential notification requirements.
By David Jones • April 22, 2025 -
DaVita hit by ransomware attack
The kidney dialysis firm doesn’t have an estimate for how long disruption from the attack will last, though it stressed patients are still receiving care.
By Emily Olsen • April 15, 2025 -
Attackers exploit zero-day flaw in Gladinet CentreStack file-sharing platform
Critical vulnerability affects both CentreStack and Gladinet’s on-premises file-sharing server, Triofox.
By Rob Wright • April 15, 2025 -
Over 14K Fortinet devices compromised via new attack method
Fortinet warned last week that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched.
By Rob Wright • April 14, 2025 -
Fortinet warns of threat activity against older vulnerabilities
Researchers discovered a technique that allows threat actors to maintain read-only access to vulnerable FortiGate devices after they are patched.
By Rob Wright • April 11, 2025 -
Windows CLFS zero-day exploited in ransomware attacks
A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.
By David Jones • April 9, 2025 -
Over 5K Ivanti VPNs vulnerable to critical bug under attack
China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.
By Rob Wright • April 8, 2025 -
Cisco confirms cyberattacks on Smart Licensing Utility flaw
CISA earlier this week added CVE-2024-20439, a static credential vulnerability in the license management app, to its known exploited vulnerabilities catalog.
By Rob Wright • April 3, 2025 -
FTC chief flags data privacy concerns in 23andMe bankruptcy
The company filed for bankruptcy after financial challenges over the past few years and a massive data breach in 2023.
By Alexei Alexis • April 2, 2025 -
Ransomware gangs increasingly brandish EDR bypass tools
Custom tool developed by RansomHub, dubbed “EDRKillShifter,” is used by several other rival ransomware gangs.
By Rob Wright • March 27, 2025