Landmark US cyber-information-sharing program expires, bringing uncertainty

Without legal protections, companies might stop reporting information about cybersecurity threats.

By Eric Geller • Oct. 1, 2025

CMMC is coming, but most contractors still have a long road to full compliance

A new survey illustrates the defense industrial base’s fragmented security posture.

By Eric Geller • Oct. 1, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Jaguar Land Rover to resume some manufacturing within days

The U.K. will support a $2 billion loan guarantee to help restore the automaker’s supply chain after a cyberattack disrupted production.

By David Jones • Sept. 29, 2025

Cyber insurance could greatly reduce losses from diversification, mitigation measures

A report by CyberCube shows the global market is heavily concentrated in the U.S. and would benefit from expanding into new segments and improving cyber hygiene.

By David Jones • Sept. 25, 2025

CISA urges dependency checks following Shai-Hulud compromise

Security teams are urged to review their software environments after a major supply chain attack on the NPM ecosystem.

By David Jones • Sept. 24, 2025

Many ‘material’ cybersecurity breaches go unreported: VikingCloud

The research also found that cyberattacks have escalated both in frequency and severity in the past year, with AI serving as a primary driver behind the surge.

By Alexei Alexis • Sept. 23, 2025

Jaguar Land Rover to extend production pause into October following cyberattack

Meanwhile, Stellantis said hackers gained access to some customer information in a third-party data breach.

By David Jones • Sept. 23, 2025

AI-powered vulnerability detection will make things worse, not better, former US cyber official warns

Patching won’t be able to keep up with discovery, said Rob Joyce, who once led the National Security Agency's elite hacking team.

By Eric Geller • Sept. 22, 2025

Preemptive security predicted to constitute about half of IT security spending by 2030

The increasing use of AI will drive a demand for technology that can anticipate and neutralize threats, Gartner said in a new report.

By David Jones • Sept. 19, 2025

NIST explains how post-quantum cryptography push overlaps with existing security guidance

The agency published a document linking its recommendations for PQC migration to the advice in its landmark security publications.

By Eric Geller • Sept. 19, 2025

Evolving AI attacks, rapid model adoption worry cyber defenders

IT defenders think many of their security tools aren’t ready for AI-powered cyberattacks, according to a new report.

By Eric Geller • Sept. 19, 2025

Microsoft disrupts global phishing campaign that led to widespread credential theft

Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations.

By David Jones • Sept. 17, 2025

Context is key in a world of identity-based attacks and alert fatigue

A new report highlights why businesses struggle to separate true cyber threats from false positives.

By Eric Geller • Sept. 16, 2025

Schools are getting better at navigating ransomware attacks, Sophos finds

In 2025, 67% of global lower education providers said they stopped an attack before their stolen data was encrypted, the cybersecurity company reported.

By Anna Merod • Sept. 16, 2025

CISA audit sparks debate about cybersecurity pay incentives

Some Cybersecurity and Infrastructure Security Agency employees believe a recent inspector general’s report partially missed the mark.

By Eric Geller • Sept. 15, 2025

FBI warns about 2 campaigns targeting Salesforce instances

The threat groups, identified as UNC6040 and UNC6395, have used different tactics to gain access to data.

By David Jones • Sept. 15, 2025

CISA pledges robust support for funding, further development of CVE program

A key official from the agency said the vulnerability management program will continue with additional participation and enhancements.

By David Jones • Sept. 12, 2025

Researchers warn VoidProxy phishing platform can bypass MFA

The service has been targeting Microsoft and Google accounts for months, opening the door to possible BEC attacks and data exfiltration.

By David Jones • Sept. 12, 2025

UK cyber leader calls for shift in focus toward continuity of critical services

Richard Horne, CEO of the National Cyber Security Centre, said the U.S. remains a key ally in the global fight against sophisticated adversaries.

By David Jones • Sept. 11, 2025

How the retail sector teams up to defend against cybercrime

The cyberthreat intel-sharing and collaboration group RH-ISAC is helping companies confront cyberattacks. But the challenge is delivering timely intelligence in a dynamic threat environment.

By Eric Geller • Sept. 11, 2025

Senior NSC official said US needs to embrace offensive cyber

Alexei Bulazel said the administration is unapologetically in favor of using offensive capabilities to deter the nation’s adversaries. 

By David Jones • Sept. 10, 2025

Ransomware insurance losses spike despite fewer claims: Resilience

AI-powered phishing, “double extortion” tactics and insurance policy theft are fueling more destructive, costly ransomware attacks, the cybersecurity firm said.

By Alexei Alexis • Sept. 10, 2025

National cyber director says US must shift risk burden toward adversaries

In his first major address after confirmation, Sean Cairncross said the U.S. needs to take bold, coordinated steps to counter authoritarian rivals.

By David Jones • Sept. 10, 2025

Mitsubishi Electric agrees to buy Nozomi Networks in deal valued at about $1B

The agreement is part of a larger strategy for Mitsubishi to develop one-stop security capabilities in the OT space.

By David Jones • Sept. 9, 2025

How AI and politics hampered the secure open-source software movement

Tech giants pledged millions to secure open-source code. Then AI came along.

By Eric Geller • Sept. 9, 2025