Oracle investigating extortion emails targeting E-Business Suite customers

Hackers claiming links to Clop ransomware could be exploiting vulnerabilities disclosed in a July critical patch update.

By David Jones • Oct. 3, 2025

Hackers claiming ties to Clop launch wide extortion campaign targeting corporate executives

The email-based campaign purports to have sensitive data from breached Oracle E-Business Suite applications. 

By David Jones • Oct. 2, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

Cisco firewall flaws endanger nearly 50,000 devices worldwide

The U.S., the U.K. and Japan lead the list of the most vulnerable countries.

By Eric Geller • Sept. 30, 2025

Critical infrastructure operators add more insecure industrial equipment online

The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities.

By Eric Geller • Sept. 25, 2025

CISA urges dependency checks following Shai-Hulud compromise

Security teams are urged to review their software environments after a major supply chain attack on the NPM ecosystem.

By David Jones • Sept. 24, 2025

UK authorities arrest man in connection with cyberattack against aviation vendor

The attack against Collins Aerospace led to significant flight disruptions at Heathrow and other major European hubs.

By David Jones • Sept. 24, 2025

China-linked groups are using stealthy malware to hack software suppliers

Google, which disclosed the campaign, said it was one of the most significant supply-chain hacks in recent memory.

By Eric Geller • Sept. 24, 2025

AI-powered vulnerability detection will make things worse, not better, former US cyber official warns

Patching won’t be able to keep up with discovery, said Rob Joyce, who once led the National Security Agency's elite hacking team.

By Eric Geller • Sept. 22, 2025

Evolving AI attacks, rapid model adoption worry cyber defenders

IT defenders think many of their security tools aren’t ready for AI-powered cyberattacks, according to a new report.

By Eric Geller • Sept. 19, 2025

Healthcare firms’ hack-related losses outpace those of other sectors

Companies in the healthcare sector experienced far more attacks costing more than $500,000 compared with organizations in other industries, according to a new report.

By Eric Geller • Sept. 18, 2025

Microsoft disrupts global phishing campaign that led to widespread credential theft

Officials say the operation led to ransomware and BEC attacks on U.S. hospitals and healthcare organizations.

By David Jones • Sept. 17, 2025

Context is key in a world of identity-based attacks and alert fatigue

A new report highlights why businesses struggle to separate true cyber threats from false positives.

By Eric Geller • Sept. 16, 2025

FBI warns about 2 campaigns targeting Salesforce instances

The threat groups, identified as UNC6040 and UNC6395, have used different tactics to gain access to data.

By David Jones • Sept. 15, 2025

Researchers warn VoidProxy phishing platform can bypass MFA

The service has been targeting Microsoft and Google accounts for months, opening the door to possible BEC attacks and data exfiltration.

By David Jones • Sept. 12, 2025

How the retail sector teams up to defend against cybercrime

The cyberthreat intel-sharing and collaboration group RH-ISAC is helping companies confront cyberattacks. But the challenge is delivering timely intelligence in a dynamic threat environment.

By Eric Geller • Sept. 11, 2025

Ransomware insurance losses spike despite fewer claims: Resilience

AI-powered phishing, “double extortion” tactics and insurance policy theft are fueling more destructive, costly ransomware attacks, the cybersecurity firm said.

By Alexei Alexis • Sept. 10, 2025

How AI and politics hampered the secure open-source software movement

Tech giants pledged millions to secure open-source code. Then AI came along.

By Eric Geller • Sept. 9, 2025

How the newest ISAC aims to help food and agriculture firms thwart cyberattacks

Food industry executives used to shrug off ransomware and cyber-espionage risks. A threat intel group is helping to change that, but its reach remains unclear.

By Eric Geller • Sept. 4, 2025

Cloudflare, Proofpoint say hackers gained access to Salesforce instances in attack spree

The breaches are part of hundreds of potential supply chain attacks linked to Salesloft Drift.

By David Jones • Sept. 3, 2025

FCC investigation could derail its own IoT security certification program

Internet of Things device makers are eager to participate, but the commission’s concerns about its lead administrator have halted progress of the U.S. Cyber Trust Mark program.

By Eric Geller • Sept. 2, 2025

US, allies warn China-linked actors still targeting critical infrastructure

An advisory from 13 countries says state-backed hackers continue trying to breach telecommunications systems and other vital networks.

By Eric Geller • Aug. 27, 2025

Hackers steal data from Salesforce instances in widespread campaign

Google researchers say the hackers abused a third-party tool in an attack spree designed to harvest credentials.

By David Jones • Updated Aug. 29, 2025

Execs worry about unknown identity-security weaknesses

Credential theft attacks prove that companies need to do better, but business leaders cited many reasons for slow progress.

By Eric Geller • Aug. 26, 2025

China-nexus hacker Silk Typhoon targeting cloud environments

The state-linked espionage group has exploited zero-day flaws in Commvault and Citrix Netscaler, researchers say.

By David Jones • Aug. 22, 2025

US charges Oregon man in vast botnet-for-hire operation

Federal prosecutors called Rapper Bot one of the most powerful DDoS botnets in history.

By David Jones • Aug. 21, 2025