Akira actively engaged in ransomware attacks against critical sectors

The group has stepped up threat activity by abusing edge devices and other tools, reaping hundreds of millions of dollars in illicit gains.

By David Jones • Nov. 13, 2025

Government funding bill temporarily revives cybersecurity information-sharing law

The spending legislation passed by Congress will reauthorize the CISA 2015 program through the end of January.

By Eric Geller • Nov. 13, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Nevada ransomware attack traced back to malware download by employee

The state refused to pay a ransom and recovered 90% of the impacted data.

By David Jones • Nov. 7, 2025

CISA, NSA unveil best-practices guide to address ongoing Exchange Server risks

The guide follows CISA’s warnings in August about a high-severity vulnerability in Microsoft Exchange.

By David Jones • Oct. 30, 2025

FCC will vote to scrap telecom cybersecurity requirements

The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.

By Eric Geller • Updated Oct. 31, 2025

Canadian authorities warn of hacktivists targeting exposed ICS devices

Hackers have manipulated critical components at water utilities, oil and gas facilities, and agricultural sites in recent weeks.

By David Jones • Updated Oct. 31, 2025

Conduent says data breach originally began with 2024 intrusion

The cyberattack, which affected several state agencies, has also impacted multiple insurance providers.

By David Jones • Oct. 27, 2025

UN member states sign cybercrime agreement despite industry, activist opposition

Critics say the new convention is ripe for abuse by authoritarian countries.

By Eric Geller • Oct. 27, 2025

CISA’s international, industry and academic partnerships slashed

The latest round of sweeping layoffs could hamper the business community’s collaboration with the beleaguered cyber agency.

By Eric Geller • Oct. 22, 2025

Auto sector faces historic cyber threats to business continuity

A catastrophic cyberattack at Jaguar Land Rover is forcing governments and industrial leaders to address urgent demands for business resilience and accountability.

By David Jones • Oct. 16, 2025

CISA’s latest cuts reignite concerns among Democratic lawmakers

A congressman on a key subcommittee suggests that shrinking CISA leaves Americans exposed to mounting cyber threats.

By Eric Geller • Oct. 15, 2025

Public disclosures of AI risk surge among S&P 500 companies

A report by The Conference Board shows companies are flagging concerns about cyber and reputational risk as they increase deployment.

By David Jones • Oct. 7, 2025

Landmark US cyber-information-sharing program expires, bringing uncertainty

Without legal protections, companies might stop reporting information about cybersecurity threats.

By Eric Geller • Oct. 1, 2025

Federal cuts force many state and local governments out of cyber collaboration group

The Multi-State Information Sharing and Analysis Center lost U.S. government funding at midnight, jeopardizing the cybersecurity of thousands of cash-strapped counties, cities and towns.

By Eric Geller • Oct. 1, 2025

CMMC is coming, but most contractors still have a long road to full compliance

A new survey illustrates the defense industrial base’s fragmented security posture.

By Eric Geller • Oct. 1, 2025

Cyber insurance could greatly reduce losses from diversification, mitigation measures

A report by CyberCube shows the global market is heavily concentrated in the U.S. and would benefit from expanding into new segments and improving cyber hygiene.

By David Jones • Sept. 25, 2025

CISA urges dependency checks following Shai-Hulud compromise

Security teams are urged to review their software environments after a major supply chain attack on the NPM ecosystem.

By David Jones • Sept. 24, 2025

How to build a trustworthy AI governance roadmap aligned with ISO 42001

Future-proof AI with a governance roadmap aligned to ISO 42001.

Sept. 22, 2025

NIST explains how post-quantum cryptography push overlaps with existing security guidance

The agency published a document linking its recommendations for PQC migration to the advice in its landmark security publications.

By Eric Geller • Sept. 19, 2025

Microsoft disrupts global phishing campaign that led to widespread credential theft

Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations.

By David Jones • Sept. 17, 2025

House spending bill would reauthorize key cybersecurity programs

The two programs, which encourage information sharing and fund local improvements, are seen as critical for national cyber resilience.

By Eric Geller • Sept. 17, 2025

FBI warns about 2 campaigns targeting Salesforce instances

The threat groups, identified as UNC6040 and UNC6395, have used different tactics to gain access to data.

By David Jones • Sept. 15, 2025

CISA pledges robust support for funding, further development of CVE program

A key official from the agency said the vulnerability management program will continue with additional participation and enhancements.

By David Jones • Sept. 12, 2025

National cyber director says US must shift risk burden toward adversaries

In his first major address after confirmation, Sean Cairncross said the U.S. needs to take bold, coordinated steps to counter authoritarian rivals.

By David Jones • Sept. 10, 2025

How AI and politics hampered the secure open-source software movement

Tech giants pledged millions to secure open-source code. Then AI came along.

By Eric Geller • Sept. 9, 2025