NIST and MITRE partner to test AI defense technology for critical infrastructure

The National Institute of Standards and Technology is partnering with a nonprofit research organization to study how AI can boost the security of critical infrastructure. NIST on Monday announced that the agency and MITRE are creating an AI Economic Security Center to Secure U.S. Critical Infr...

By Eric Geller • Dec. 23, 2025

AI security is fundamentally a cloud infrastructure problem, Palo Alto Networks says

Companies should prioritize identity security and integrate cloud monitoring into the SOC, according to the security firm.

By Eric Geller • Dec. 22, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

CISA warns of continued threat activity linked to Brickstorm malware

Officials provided additional evidence showing its ability to maintain persistence and evade defenses.

By David Jones • Dec. 22, 2025

State-linked and criminal hackers use device code phishing against M365 users

Russia-linked groups have attacked multiple sectors in recent months.

By David Jones • Dec. 19, 2025

Top lawmaker asks White House to address open-source software risks

The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code.

By Eric Geller • Dec. 19, 2025

Surge of credential-based hacking targets Palo Alto Networks GlobalProtect

After weeks of unusual scanning activity, the same campaign took aim at Cisco SSL VPNs.

By David Jones • Dec. 18, 2025

NIST adds to AI security guidance with Cybersecurity Framework profile

Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.

By Eric Geller • Dec. 17, 2025

Russia-linked hackers breach critical infrastructure organizations via edge devices

New research offers the latest evidence that vulnerable network edge equipment is a pressing concern.

By Eric Geller • Dec. 16, 2025

Cybersecurity concerns are paramount among executives in almost all roles, regions and industries

A new survey finds widespread agreement that security is one of the biggest challenges facing companies today.

By Eric Geller • Dec. 15, 2025

Cyberattacks force small firms to raise prices: ITRC

The price hikes create a hidden “cyber tax” that is helping to fuel inflation, according to the report. 

By Alexei Alexis • Dec. 11, 2025

Grid-scale battery energy storage systems face heightened risk of cyberattack

Experts warn that state-linked threat groups are actively searching for ways to disrupt the industry amid growing power demand in the U.S.

By David Jones • Dec. 11, 2025

Pro-Russia hacktivists launching attacks that could damage OT

The U.S. and its allies warned that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.

By Eric Geller • Dec. 10, 2025

Initial access brokers involved in more attacks, including on critical infrastructure

A research firm also finds nation-states aligning their cyberattacks more closely with geostrategic goals.

By Eric Geller • Dec. 8, 2025

Ransomware peaked in 2023 prior to law enforcement actions

U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts.

By David Jones • Dec. 8, 2025

State-linked groups target critical vulnerability in React Server Components

China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.

By David Jones • Updated Dec. 7, 2025

China-nexus actor targets multiple US entities with Brickstorm malware

Researchers outline a campaign targeting U.S. companies, and CISA warns of attacks on government services and IT firms.

By David Jones • Updated Dec. 5, 2025

US, allies urge critical infrastructure operators to carefully plan and oversee AI use

New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.

By Eric Geller • Dec. 4, 2025

Lawmakers question White House on strategy for countering AI-fueled hacks

The Trump administration has said little about how it will prevent hackers from abusing AI.

By Eric Geller • Dec. 4, 2025

DDoS attack volume rises in Q3, fueled by Aisuru botnet

A report by Cloudflare also shows a surge in attacks targeting AI companies.

By David Jones • Dec. 3, 2025

Leading surveillance camera vendor signs CISA’s product-security pledge

Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines.

By Eric Geller • Dec. 3, 2025

Senators push to renew cyber grant program for state, local governments

Security experts and local officials say the program is vital to protecting the country.

By Eric Geller • Dec. 2, 2025

Hackers ready threat campaign aimed at Zendesk environments

Researchers warn that hackers linked to recent social engineering attacks are targeting customer-service platforms. 

By David Jones • Updated Dec. 1, 2025

European police dismantle cryptocurrency mixer popular with ransomware gangs

Authorities have spent years trying to cripple the ecosystem that helps hackers hide their profits.

By Eric Geller • Dec. 1, 2025

Thanksgiving holiday weekend kicks off heightened threat environment for security teams

As workers take family time and consumers race for Black Friday discounts, hackers gain an advantage to penetrate vulnerable corporate perimeters.

By David Jones • Nov. 26, 2025

CISA urges mobile security as it warns of sophisticated spyware attacks

The agency’s rare warning about spyware activity comes as it updated mobile security guidance to reflect evolving threats.

By Eric Geller • Nov. 25, 2025