Microsoft disrupts global phishing campaign that led to widespread credential theft

Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations.

By David Jones • Sept. 17, 2025

Context is key in a world of identity-based attacks and alert fatigue

A new report highlights why businesses struggle to separate true cyber threats from false positives.

By Eric Geller • Sept. 16, 2025

Explore the Trendline➔

Top 5 stories from Cybersecurity Dive

tk

By Cybersecurity Dive staff

Schools are getting better at navigating ransomware attacks, Sophos finds

In 2025, 67% of global lower education providers said they stopped an attack before their stolen data was encrypted, the cybersecurity company reported.

By Anna Merod • Sept. 16, 2025

CISA audit sparks debate about cybersecurity pay incentives

Some Cybersecurity and Infrastructure Security Agency employees believe a recent inspector general’s report partially missed the mark.

By Eric Geller • Sept. 15, 2025

FBI warns about 2 campaigns targeting Salesforce instances

The threat groups, identified as UNC6040 and UNC6395, have used different tactics to gain access to data.

By David Jones • Sept. 15, 2025

CISA pledges robust support for funding, further development of CVE program

A key official from the agency said the vulnerability management program will continue with additional participation and enhancements.

By David Jones • Sept. 12, 2025

Researchers warn VoidProxy phishing platform can bypass MFA

The service has been targeting Microsoft and Google accounts for months, opening the door to possible BEC attacks and data exfiltration.

By David Jones • Sept. 12, 2025

UK cyber leader calls for shift in focus toward continuity of critical services

Richard Horne, CEO of the National Cyber Security Centre, said the U.S. remains a key ally in the global fight against sophisticated adversaries.

By David Jones • Sept. 11, 2025

How the retail sector teams up to defend against cybercrime

The cyberthreat intel-sharing and collaboration group RH-ISAC is helping companies confront cyberattacks. But the challenge is delivering timely intelligence in a dynamic threat environment.

By Eric Geller • Sept. 11, 2025

Senior NSC official said US needs to embrace offensive cyber

Alexei Bulazel said the administration is unapologetically in favor of using offensive capabilities to deter the nation’s adversaries. 

By David Jones • Sept. 10, 2025

Ransomware insurance losses spike despite fewer claims: Resilience

AI-powered phishing, “double extortion” tactics and insurance policy theft are fueling more destructive, costly ransomware attacks, the cybersecurity firm said.

By Alexei Alexis • Sept. 10, 2025

National cyber director says US must shift risk burden toward adversaries

In his first major address after confirmation, Sean Cairncross said the U.S. needs to take bold, coordinated steps to counter authoritarian rivals.

By David Jones • Sept. 10, 2025

Mitsubishi Electric agrees to buy Nozomi Networks in deal valued at about $1B

The agreement is part of a larger strategy for Mitsubishi to develop one-stop security capabilities in the OT space.

By David Jones • Sept. 9, 2025

How AI and politics hampered the secure open-source software movement

Tech giants pledged millions to secure open-source code. Then AI came along.

By Eric Geller • Sept. 9, 2025

Data security gaps stymy enterprise AI plans

Nearly three-quarters of CIOs and CISOs see information complexity as an adoption roadblock.

By Matt Ashare • Sept. 8, 2025

Marriott checks out AI agents amid technology transformation

The multinational hospitality giant is building a model-agnostic chassis featuring an agentic layer.

By Lindsey Wilkinson • Sept. 5, 2025

Swiss Re warns of rate deterioration in cyber insurance

Competition among insurers has forced them to offer concessions on premiums, limits and controls.

By David Jones • Sept. 5, 2025

How the newest ISAC aims to help food and agriculture firms thwart cyberattacks

Food industry executives used to shrug off ransomware and cyber-espionage risks. A threat intel group is helping to change that, but its reach remains unclear.

By Eric Geller • Sept. 4, 2025

How Tampa General Hospital worked to quantify cyber risk

The medical center’s CIO and CISO teamed up to translate security decisions into dollars and cents.

By Matt Ashare • Sept. 3, 2025

FCC investigation could derail its own IoT security certification program

Internet of Things device makers are eager to participate, but the commission’s concerns about its lead administrator have halted progress of the U.S. Cyber Trust Mark program.

By Eric Geller • Sept. 2, 2025

Safety-critical industries wary about using AI for cybersecurity

Finance, tech and professional services are among the sectors with the widest adoption of AI-based security tools, according to a new report.

By Eric Geller • Aug. 27, 2025

CISOs grow more concerned about risk of material cyberattack

A report by Proofpoint shows growing anxiety among security leaders about their companies’ cyber readiness.

By David Jones • Aug. 26, 2025

Execs worry about unknown identity-security weaknesses

Credential theft attacks prove that companies need to do better, but business leaders cited many reasons for slow progress.

By Eric Geller • Aug. 26, 2025

IT, business leaders clash over cloud, data security

Executives plan to increase IT spend despite disappointing returns on tech investments, according to Unisys.

By Matt Ashare • Aug. 25, 2025

CISA updates SBOM recommendations

The document is primarily meant for federal agencies, but CISA hopes businesses will also use it to push vendors for software bills of materials.

By Eric Geller • Aug. 22, 2025