FBI warns about 2 campaigns targeting Salesforce instances

The threat groups, identified as UNC6040 and UNC6395, have used different tactics to gain access to data.

By David Jones • Sept. 15, 2025

CISA pledges robust support for funding, further development of CVE program

A key official from the agency said the vulnerability management program will continue with additional participation and enhancements.

By David Jones • Sept. 12, 2025

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

tk

By Cybersecurity Dive staff

National cyber director says US must shift risk burden toward adversaries

In his first major address after confirmation, Sean Cairncross said the U.S. needs to take bold, coordinated steps to counter authoritarian rivals.

By David Jones • Sept. 10, 2025

How AI and politics hampered the secure open-source software movement

Tech giants pledged millions to secure open-source code. Then AI came along.

By Eric Geller • Sept. 9, 2025

FCC investigation could derail its own IoT security certification program

Internet of Things device makers are eager to participate, but the commission’s concerns about its lead administrator have halted progress of the U.S. Cyber Trust Mark program.

By Eric Geller • Sept. 2, 2025

Federal, state officials investigating ransomware attack targeting Nevada

The Sunday attack disrupted key services across the state and led to the theft of some data.

By David Jones • Updated Aug. 29, 2025

US charges Oregon man in vast botnet-for-hire operation

Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history.

By David Jones • Aug. 21, 2025

NIST seeks input on control overlays for securing AI systems

The federal agency plans to develop guidance to organizations about various AI use cases.

By David Jones • Aug. 18, 2025

Trump administration cyber cuts eroding private sector’s trust, confidence

A report by Swimlane shows companies are reducing cybersecurity spending and security teams are experiencing increasing pressure.

By David Jones • Updated Aug. 14, 2025

White House urged to revamp cyber regulations

A leading trade group said the Trump administration should rein in a major pending cybersecurity rule as well as embrace AI-based cyber defenses.

By Eric Geller • Aug. 14, 2025

DOJ, international partners take down BlackSuit group’s infrastructure

BlackSuit has been among the most prolific ransomware gangs in recent years, targeting government agencies, critical manufacturing companies and healthcare firms.

By David Jones • Aug. 11, 2025

Cyber experts ponder a non-government future for the CVE program

Organizations supporting the security vulnerability program said it needed changes to improve stability and rebuild trust.

By Eric Geller • Aug. 11, 2025

CISA officials say agency is moving ahead despite workforce purge

Two senior officials defended the agency’s progress amid concerns about the effects of mass layoffs and budget cuts.

By Eric Geller • Aug. 8, 2025

US still prioritizing zero-trust migration to limit hacks’ damage

The zero-trust initiative, which gained steam during the Biden administration, is still underway.

By Eric Geller • Updated Aug. 7, 2025

CISA’s relationship with industry needs work to reestablish trust, experts say

Critics say budget cuts, job losses have hurt the agency’s ability to coordinate with private industry.

By David Jones • Aug. 6, 2025

Senate confirms Trump’s national cyber director nominee

Sean Cairncross, a political veteran without significant cybersecurity experience, could turn the relatively new White House office into a major player in the administration.

By Eric Geller • Aug. 3, 2025

DOJ reaches $9.8 million settlement with Illumina over cyber whistleblower claims

The U.S. alleged the company knowingly sold genetic-sequencing systems with software vulnerabilities to federal agencies.

By David Jones • Updated Aug. 1, 2025

FBI, CISA warn about Scattered Spider’s evolving tactics

International authorities are pursuing the group following the arrests of four suspects in a series of attacks targeting British retailers.

By David Jones • July 29, 2025

Senators push CISA director nominee on election security, agency focus

Sean Plankey said he would double down on CISA’s core mission and “allow the operators to operate.”

By Eric Geller • July 24, 2025

Trump AI plan calls for cybersecurity assessments, threat info-sharing

It remains unclear how federal agencies depleted by layoffs will be able to implement the strategy’s ambitious vision, which includes an ISAC dedicated to AI.

By Eric Geller • July 23, 2025

Lapsed CISA contract impedes national lab’s threat-hunting operations

The CyberSentry program remains operational, according to CISA, with analysts outside the lab continuing to review sensor data.

By Eric Geller • July 23, 2025

Dwindling federal cyber support for critical infrastructure raises alarms

A plan to transfer cybersecurity and resilience responsibilities to states could have major unintended consequences.

By Eric Geller • July 22, 2025

Top US senator calls out supply-chain risk with DoD contractors

The Senate Intelligence Committee chairman questioned the security of Microsoft’s “digital escort” arrangement with its Chinese employees.

By Eric Geller • Updated July 18, 2025

State Department cyber diplomacy firings and changes threaten US defenses

Departures and restructuring will make it harder for the agency to pursue global policies that strengthen U.S. critical infrastructure, experts said.

By Eric Geller • July 17, 2025

UK authorities arrest 4 people in probe of retail cyberattack spree

The arrests mark the first major break in a case linked to the Scattered Spider cybercrime group, although additional work continues with multiple agencies.

By David Jones • Updated July 10, 2025