In financial sector, vendors lag behind customers on cybersecurity

Financial firms should be performing regular oversight of their vendors to avoid supply chain compromises, according to a new report.

By Eric Geller • Nov. 6, 2025

Your AI-driven threat hunting is only as good as your data platform and pipeline

The data-centric foundation for modern threat hunting.

By Taylor Smith, Director of Product Marketing at Exaforce • Nov. 6, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

AI-based malware makes attacks stealthier and more adaptive

Google says it has discovered at least five malware families that use AI to reinvent themselves and hide from defenders.

By Eric Geller • Nov. 5, 2025

Hackers targeting Cisco IOS XE devices with BadCandy implant

Security researchers and Australian authorities warn that exploitation activity is ongoing.

By David Jones • Updated Nov. 5, 2025

Identity-based attacks need more attention in cloud security strategies

Companies should lock down user accounts and scan for compromised credentials, according to a new report.

By Eric Geller • Nov. 4, 2025

Cybercrime groups team with organized crime in massive cargo theft campaigns

Financially motivated hackers are abusing remote monitoring and access tools against trucking and freight companies, Proofpoint warns.

By David Jones • Updated Nov. 3, 2025

Windows Server Update Service exploitation ensnares at least 50 victims

Researchers say hackers could be gathering intelligence for future attacks, and authorities warn users to apply patches and check for compromise.

By David Jones • Oct. 31, 2025

FCC will vote to scrap telecom cybersecurity requirements

The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.

By Eric Geller • Updated Oct. 31, 2025

CISA updates guidance and warns security teams on WSUS exploitation

The agency urges users to apply emergency patches from Microsoft to counter a serious threat.

By David Jones • Oct. 30, 2025

AI adoption outpaces corporate governance, security controls

Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails. 

By David Jones • Oct. 29, 2025

Google probes exploitation of critical Windows service CVE

Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant.

By David Jones • Oct. 28, 2025

North Korea led the world in nation-state hacking in Q2 and Q3

Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends.

By Eric Geller • Oct. 24, 2025

AI security flaws afflict half of organizations

EY suggested ways for companies to reduce AI-related hacking risks.

By Eric Geller • Oct. 22, 2025

Gartner: How to prepare for and respond to today’s evolving threat landscape

With the emergence of AI, security operations teams must navigate a fast-moving generation of cyber threats.

By Jeremy D'Hoinne, Distinguished Research VP, Gartner • Oct. 21, 2025

AI-fueled automation helps ransomware-as-a-service groups stand out from the crowd

Ransomware gangs that offer their affiliates customization and automation are growing faster than those that don’t, a new report finds.

By Eric Geller • Oct. 21, 2025

Social engineering gains ground as preferred method of initial access

Senior executives and high-net-worth individuals are increasingly at risk as hackers use deepfakes, voice cloning and other tactics for targeted attacks. 

By David Jones • Updated Oct. 21, 2025

Why security awareness training doesn’t work — and how to fix it

Companies have built their security strategies around phishing simulations and educational webinars, tactics that research shows are ineffective.

By Eric Geller • Oct. 20, 2025

F5 supply chain hack endangers more than 600,000 internet-connected devices

The enterprise device vendor has patched several vulnerabilities that hackers discovered after breaching its networks.

By Eric Geller • Oct. 17, 2025

Many IT leaders click phishing links, and some don’t report them

A new survey shines light on the security practices and AI fears of IT leaders and their subordinates.

By Eric Geller • Oct. 16, 2025

Auto sector faces historic cyber threats to business continuity

A catastrophic cyberattack at Jaguar Land Rover is forcing governments and industrial leaders to address urgent demands for business resilience and accountability.

By David Jones • Oct. 16, 2025

Nation-state hackers breached sensitive F5 systems, stole customer data

The federal government is scrambling to determine if any agencies have been hacked.

By Eric Geller • Oct. 15, 2025

SonicWall SSLVPN devices compromised using valid credentials

More than 100 SonicWall SSLVPN accounts have been impacted, according to Huntress.

By David Jones • Oct. 14, 2025

Salesforce refuses to submit to extortion demands linked to hacking campaigns

The company said it is aware of recent claims, but will not negotiate or pay a ransom.

By David Jones • Oct. 8, 2025

AI fuels social engineering but isn’t yet revolutionizing hacking

AI tools are still too computationally intense for cybercriminals to rely on, according to a new report.

By Eric Geller • Oct. 8, 2025

Businesses fear AI exposes them to more attacks

More than half of companies have already faced AI-powered phishing attacks, a new survey finds.

By Eric Geller • Oct. 7, 2025