In the AI era, CISOs worry about data leaks and doubt tech will solve skills gaps

CISOs see AI as necessary but insufficient technology and fraught with risks, a new report found.

By Eric Geller • Feb. 24, 2026

Threat groups move at record speeds, as AI helps scale attacks

A report by CrowdStrike shows cybercrime groups are outpacing security teams and increasingly abusing legitimate tools.

By David Jones • Feb. 24, 2026

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

AI helps novice threat actor compromise FortiGate devices in dozens of countries

Generative AI tools analyzed target networks and wrote exploit code, enabling an opportunistic attacker to have an outsized impact, according to a new Amazon report.

By Eric Geller • Feb. 23, 2026

BeyondTrust Remote Support exploitation ramps up with backdoors, remote tools

Researchers warn that thousands of instances may still be vulnerable to exploitation activity.

By David Jones • Updated Feb. 20, 2026

US Treasury Department offers secure AI advice to financial services firms

The agency developed the resources in partnership with financial executives and other regulators.

By Eric Geller • Feb. 20, 2026

AI’s ‘connective tissue’ is woefully insecure, Cisco warns

In a new report, the company also said businesses should beware of the “SolarWinds of AI.”

By Eric Geller • Feb. 19, 2026

Identity and supply chain need more attention, risk intelligence firm says

Roughly a third of attacks now use stolen credentials, according to the company’s latest report.

By Eric Geller • Feb. 18, 2026

Newly identified hacking groups provide access to OT environments

A state-linked adversary has begun to pivot from the Ukraine war with new attacks targeting Europe and the U.S.

By David Jones • Feb. 17, 2026

Data-only extortion grows as ransomware gangs seek better profits

Businesses should prioritize securing one type of technology in particular, the security firm Arctic Wolf said in a new report.

By Eric Geller • Feb. 17, 2026

When AI agent security controls are enough – and when they’re not

Not all AI agents carry the same risk. Four zones that help determine when built-in controls are enough.

Feb. 17, 2026

Ransomware attacks increase against IT and food sectors

Social engineering and zero-day vulnerability weaponization are getting faster and easier, two information sharing and analysis centers said in new reports.

By Eric Geller • Feb. 13, 2026

CISA will shutter some missions to prioritize others

The agency has lost roughly one-third of its workforce since January 2025.

By Eric Geller • Updated Feb. 13, 2026

CISA seeks infrastructure sector consultation on incident reporting rule

The agency is particularly interested in feedback on several aspects of the long-awaited regulation.

By Eric Geller • Feb. 12, 2026

SmarterMail facing widespread attacks targeting critical flaws

The business email and collaboration software is being exploited for potential ransomware.

By David Jones • Feb. 12, 2026

The Future of DAST in an AI-First World: Why Runtime Security Testing Remains Critical

Runtime validation is where the gap is widening—and where this shift creates the biggest leap forward.

By Joni Klippert, CEO of StackHawk • Feb. 12, 2026

Extortion attacks on the rise as hackers prioritize supply-chain weaknesses

Consulting firms and manufacturing companies accounted for many of the ransomware victims posted to the dark web in 2025, Intel 471 said.

By Eric Geller • Feb. 11, 2026

Polish power grid hack offers lessons for critical infrastructure operators, CISA says

The agency listed several steps businesses could take to prevent similar cyberattacks.

By Eric Geller • Feb. 10, 2026

FTC data highlights online threats to consumers and businesses

The commission listed several steps companies can take to fend off attacks.

By Eric Geller • Feb. 9, 2026

Ransomware attacks against education sector slow worldwide

The U.S. saw the highest number of education-related ransomware attacks in 2025, at 130, despite a 9% decline year over year.

By Anna Merod • Feb. 6, 2026

CISA orders feds to disconnect unsupported network edge devices

The government is worried about hackers accessing systems through insecure and poorly monitored routers, firewalls and similar equipment at the network perimeter.

By Eric Geller • Feb. 5, 2026

Asian government’s espionage campaign breached critical infrastructure in 37 countries

The victims included national telecommunications firms, finance ministries and police agencies, with most targets suggesting an economic focus, Palo Alto Networks said.

By Eric Geller • Feb. 5, 2026

Autonomous attacks ushered cybercrime into AI era in 2025

Malwarebytes urged companies to adopt continuous monitoring and lock down identity systems as AI models get better at orchestrating intrusions.

By Eric Geller • Feb. 4, 2026

React2Shell exploitation undergoes significant change in threat activity

Researchers see a sudden consolidation of source IPs since late January.

By David Jones • Updated Feb. 4, 2026

AI-ISAC inches forward under Trump administration

The U.S. government is exploring different options for how the information-sharing organization should work, an official said.

By Eric Geller • Feb. 3, 2026

ShinyHunters escalates tactics in extortion campaign linked to Okta environments

Researchers are tracking multiple clusters that are using social engineering to gain access to victims.

By David Jones • Feb. 2, 2026