RansomHub using FakeUpdates scheme to attack government sector

The ransomware gang is collaborating with SocGholish, an extensive malware operation that employs compromised websites and fake browser updates.

By Rob Wright • March 18, 2025

Supply chain attack against GitHub Action triggers massive exposure of secrets

The incident highlights ongoing security concerns in the software supply chain.

By David Jones • March 17, 2025

Black Basta uses brute-forcing tool to attack edge devices

The ransomware gang developed an automated framework to guess weak and reused passwords on VPNs and firewalls.

By Rob Wright • March 17, 2025

Medusa ransomware slams critical infrastructure organizations

The ransomware-as-a-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.

By Rob Wright • March 13, 2025

CISA: 3 Ivanti endpoint vulnerabilities exploited in the wild

Researchers last month published a proof-of-concept exploit for the critical flaws in Endpoint Manager.

By Rob Wright • March 11, 2025

Critical PHP vulnerability under widespread cyberattack

Telemetry data shows spikes in exploits of CVE-2024-4577 across several countries in recent months.

By Rob Wright • March 10, 2025

Cobalt Strike takedown effort cuts cracked versions by 80%

Fortra, Microsoft and Health-ISAC partnership reduced unauthorized copies of red team tool over the last two years.

By Rob Wright • March 7, 2025

37K+ VMware ESXi instances vulnerable to critical zero-day

Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the Broadcom Support Portal.

By Rob Wright • March 6, 2025

Cyberattacks targeting IT vendors intensify, causing bigger losses

Ransomware criminals are on the hunt for prime targets that can yield bigger payouts, according to cyber risk management firm Resilience.

By Alexei Alexis • March 6, 2025

Broadcom urges customers to patch 3 zero-day VMware flaws

Cyberattackers with administrative access are actively exploiting vulnerabilities in ESXi, Workstation and Fusion products.

By Elizabeth Montalbano, Contributing Reporter • March 5, 2025

More than 86K IoT devices compromised by fast-growing Eleven11 botnet

The Iran-linked botnet has a large presence in the U.S. and is targeting telecom and other firms with DDoS attacks.

By David Jones • March 4, 2025

Rubrik discloses server breach, compromise of ‘access information’

The data security and backup vendor said it found no evidence that the stolen data was used by cyber threat actors.

By Rob Wright • March 4, 2025

Microsoft-signed driver used in ransomware attacks

Threat actors are exploiting a privilege escalation flaw in Paragon Partition Manager for “bring your own vulnerable driver” (BYOVD) attacks.

By Rob Wright • March 3, 2025

Lee Enterprises investigating ransomware claim, data leak threat

The newspaper chain previously confirmed the attack would likely have a material impact on its financial condition.

By David Jones • March 3, 2025

Leaked ransomware chat logs reveal Black Basta’s targeted CVEs

Cybercrime group focused on Microsoft vulnerabilities as well as flaws in network edge devices and communications software.

By Rob Wright • Feb. 27, 2025

Attackers exploiting Cisco vulnerabilities tied to Salt Typhoon campaign

GreyNoise observed exploitation of CVE-2018-0171, which Cisco Talos researchers said was used in a recent attack by the China-backed threat group.

By Rob Wright • Feb. 25, 2025

Is your browser ground zero for cyber-attacks?

Organizations must not overlook web browser threats – or the new technologies that can defeat them.

By Anupam Upadhyaya, Vice President Product Management – Prisma SASE at Palo Alto Networks • Feb. 24, 2025

Tech investment firm Insight Partners discloses data breach

The company holds equity in several major technology companies, including Wiz and Kaseya.

By Rob Wright • Feb. 19, 2025

Lee Enterprises says cyberattack will likely have material impact

The newspaper chain said attackers encrypted critical applications and impacted billing, payments and print distribution.

By David Jones • Feb. 18, 2025

Phishing campaign targets Microsoft device-code authentication flows

Russian state-sponsored hackers have attacked enterprises and government agencies in North America and overseas.

By Rob Wright • Feb. 18, 2025

China-backed hackers continue cyberattacks on telecom companies

Salt Typhoon threat actors compromised Cisco edge devices by exploiting older vulnerabilities.

By Rob Wright • Feb. 13, 2025

Ransomware gangs shifting tactics to evade enterprise defenses

Threat actors adapted to improved threat detection, law enforcement actions, new Huntress research finds.

By Rob Wright • Feb. 12, 2025

Lee Enterprises investigating cyberattack that disrupted operations across multiple news outlets

The company, a major U.S. newspaper chain, has been working with forensic specialists to fully restore services and determine the cause.

By David Jones • Feb. 11, 2025

VeraCore zero-day vulnerabilities exploited in supply chain attacks

Cybercriminals maintained access to one victim organization for more than four years.

By Rob Wright • Feb. 11, 2025

CISA warns of hackers targeting vulnerability in Trimble Cityworks to conduct RCE

The software is widely used in projects by local governments, utilities, airports and other facilities.

By David Jones • Feb. 10, 2025