Threats
-
FBI seeks public tips about Salt Typhoon
The bureau’s public alert follows months of conversations with the telecom industry about the far-reaching cyber espionage campaign by a Chinese nation-state threat actor.
By Eric Geller • April 28, 2025 -
Critical vulnerability in SAP NetWeaver under threat of active exploitation
Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.
By David Jones • Updated April 25, 2025 -
Trendline: Risk Management
An escalation of cyber risks facing businesses and government has made cyber resilience a major priority.
By Cybersecurity Dive staff -
Threat groups exploit resurgent vulnerabilities
VPNs, routers and firewalls are being targeted via older CVEs, new GreyNoise research shows.
By David Jones • April 24, 2025 -
BEC scams, investment fraud accounted for biggest cybercrime losses in 2024
Americans lost $16.6 billion to cyber fraud last year, according to an FBI report, with phishing, spoofing and extortion topping the list of complaints.
By Eric Geller • April 23, 2025 -
Financial gain still drives majority of cyber threat activity
Stolen credentials are becoming a more prevalent form of initial access, a report from Mandiant shows.
By David Jones • April 23, 2025 -
Ahold Delhaize confirms data stolen after threat group claims credit for November attack
A highly active threat group says it will release stolen information, months after an attack disrupted e-commerce operations at the grocer’s U.S. business.
By David Jones, Sam Silverstein • April 17, 2025 -
Bill extends cyber threat info-sharing between public, private sector
The Cybersecurity Information Sharing Act of 2015, set to expire in September, “moved the needle.”
By Elizabeth Montalbano, Contributing Reporter • April 16, 2025 -
Remote access tools most frequently targeted as ransomware entry points
Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.
By David Jones • April 11, 2025 -
Windows CLFS zero-day exploited in ransomware attacks
A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.
By David Jones • April 9, 2025 -
Over 5K Ivanti VPNs vulnerable to critical bug under attack
China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.
By Rob Wright • April 8, 2025 -
Trump administration under scrutiny as it puts major round of CISA cuts on the table
Congressional members plan to raise questions Tuesday as hundreds of critical jobs could be slashed in the coming weeks.
By David Jones • April 7, 2025 -
CISA, FBI warn of fast flux technique used to hide malicious servers
Criminal and state-linked hackers use fast-changing DNS records to make it harder for defenders to detect or disrupt malicious activity.
By David Jones • April 4, 2025 -
Mass login scans of PAN GlobalProtect portals surge
Nearly 24K unique IP addresses have attempted to access portals in the last 30 days, raising concerns of imminent attacks.
By Elizabeth Montalbano, Contributing Reporter • April 2, 2025 -
Check Point Software confirms security incident but pushes back on threat actor claims
A malicious hacker recently offered to sell the security firm’s sensitive customer information.
By David Jones • April 2, 2025 -
FTC chief flags data privacy concerns in 23andMe bankruptcy
The company filed for bankruptcy after financial challenges over the past few years and a massive data breach in 2023.
By Alexei Alexis • April 2, 2025 -
Critical vulnerability in CrushFTP file transfer software under attack
Questions and confusion surround the authentication bypass vulnerability, which was privately disclosed to customers on March 21.
By Rob Wright • April 1, 2025 -
Hacker linked to Oracle Cloud intrusion threatens to sell stolen data
Security researchers from Trustwave SpiderLabs provided additional evidence backing up claims of a breach.
By David Jones • March 31, 2025 -
Threat actor in Oracle Cloud breach may have gained access to production environments
Researchers from CloudSEK are analyzing a data sample from a threat actor that claimed a massive breach involving 6 million records.
By David Jones • March 27, 2025 -
Ransomware gangs increasingly brandish EDR bypass tools
Custom tool developed by RansomHub, dubbed “EDRKillShifter,” is used by several other rival ransomware gangs.
By Rob Wright • March 27, 2025 -
FCC investigating China-linked companies over evasion of US national security measures
The agency is cracking down on the use of prohibited technologies following a series of hacks into US telecommunications firms.
By David Jones • March 24, 2025 -
Sponsored by Veracode: How ASPM gives you control over complex architectures
ASPM gives organizations control by unifying risk data, automating threat analysis, and prioritizing vulnerabilities based on their business impact.
By Sohail Iqbal, Chief Information Security Officer, Veracode • March 24, 2025 -
RansomHub using FakeUpdates scheme to attack government sector
The ransomware gang is collaborating with SocGholish, an extensive malware operation that employs compromised websites and fake browser updates.
By Rob Wright • March 18, 2025 -
Black Basta uses brute-forcing tool to attack edge devices
The ransomware gang developed an automated framework to guess weak and reused passwords on VPNs and firewalls.
By Rob Wright • March 17, 2025 -
FCC launches national security unit to counter state-linked threats to US telecoms
The new council is part of an effort to thwart Salt Typhoon and other cyber espionage groups.
By David Jones • March 13, 2025 -
Medusa ransomware slams critical infrastructure organizations
The ransomware-as-a-service gang tallied more than 300 victims in industries such as healthcare, manufacturing and technology.
By Rob Wright • March 13, 2025