Threats
-
FCC will vote to scrap telecom cybersecurity requirements
The commission’s Republican chair, who voted against the rules in January, calls them ineffective and illegal.
By Eric Geller • Oct. 30, 2025 -
CISA updates guidance and warns security teams on WSUS exploitation
The agency urges users to apply emergency patches from Microsoft to counter a serious threat.
By David Jones • Oct. 30, 2025 -
Explore the Trendlineâž”
Getty Images
TrendlineRisk Management
An esclation of cyber risks facing businesses and government has made cyber resilience a major priority.
By Cybersecurity Dive staff -
AI adoption outpaces corporate governance, security controls
Security and business leaders warn that companies are accelerating their use of agentic AI beyond the ability to maintain proper guardrails.
By David Jones • Oct. 29, 2025 -
Google probes exploitation of critical Windows service CVE
Researchers have traced the threat activity to a newly identified hacker, while separate evidence points to more than one variant.
By David Jones • Oct. 28, 2025 -
North Korea led the world in nation-state hacking in Q2 and Q3
Security leaders should prioritize anomalous-activity detection and zero-trust principles, a new report recommends.
By Eric Geller • Oct. 24, 2025 -
AI security flaws afflict half of organizations
EY suggested ways for companies to reduce AI-related hacking risks.
By Eric Geller • Oct. 22, 2025 -
Opinion
Gartner: How to prepare for and respond to today’s evolving threat landscape
With the emergence of AI, security operations teams must navigate a fast-moving generation of cyber threats.
By Jeremy D'Hoinne, Distinguished Research VP, Gartner • Oct. 21, 2025 -
AI-fueled automation helps ransomware-as-a-service groups stand out from the crowd
Ransomware gangs that offer their affiliates customization and automation are growing faster than those that don’t, a new report finds.
By Eric Geller • Oct. 21, 2025 -
Deep Dive
Social engineering gains ground as preferred method of initial access
Senior executives and high-net-worth individuals are increasingly at risk as hackers use deepfakes, voice cloning and other tactics for targeted attacks.
By David Jones • Updated Oct. 21, 2025 -
Deep Dive
Why security awareness training doesn’t work — and how to fix it
Companies have built their security strategies around phishing simulations and educational webinars, tactics that research shows are ineffective.
By Eric Geller • Oct. 20, 2025 -
F5 supply chain hack endangers more than 600,000 internet-connected devices
The enterprise device vendor has patched several vulnerabilities that hackers discovered after breaching its networks.
By Eric Geller • Oct. 17, 2025 -
Many IT leaders click phishing links, and some don’t report them
A new survey shines light on the security practices and AI fears of IT leaders and their subordinates.
By Eric Geller • Oct. 16, 2025 -
Deep Dive
Auto sector faces historic cyber threats to business continuity
A catastrophic cyberattack at Jaguar Land Rover is forcing governments and industrial leaders to address urgent demands for business resilience and accountability.
By David Jones • Oct. 16, 2025 -
Nation-state hackers breached sensitive F5 systems, stole customer data
The federal government is scrambling to determine if any agencies have been hacked.
By Eric Geller • Oct. 15, 2025 -
SonicWall SSLVPN devices compromised using valid credentials
More than 100 SonicWall SSLVPN accounts have been impacted, according to Huntress.
By David Jones • Oct. 14, 2025 -
Salesforce refuses to submit to extortion demands linked to hacking campaigns
The company said it is aware of recent claims, but will not negotiate or pay a ransom.
By David Jones • Oct. 8, 2025 -
AI fuels social engineering but isn’t yet revolutionizing hacking
AI tools are still too computationally intense for cybercriminals to rely on, according to a new report.
By Eric Geller • Oct. 8, 2025 -
Businesses fear AI exposes them to more attacks
More than half of companies have already faced AI-powered phishing attacks, a new survey finds.
By Eric Geller • Oct. 7, 2025 -
Oracle investigating extortion emails targeting E-Business Suite customers
Hackers claiming links to Clop ransomware could be exploiting vulnerabilities disclosed in a July critical patch update.
By David Jones • Oct. 3, 2025 -
Hackers claiming ties to Clop launch wide extortion campaign targeting corporate executives
The email-based campaign purports to have sensitive data from breached Oracle E-Business Suite applications.
By David Jones • Oct. 2, 2025 -
Cisco firewall flaws endanger nearly 50,000 devices worldwide
The U.S., the U.K. and Japan lead the list of the most vulnerable countries.
By Eric Geller • Sept. 30, 2025 -
Critical infrastructure operators add more insecure industrial equipment online
The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities.
By Eric Geller • Sept. 25, 2025 -
CISA urges dependency checks following Shai-Hulud compromise
Security teams are urged to review their software environments after a major supply chain attack on the NPM ecosystem.
By David Jones • Sept. 24, 2025 -
UK authorities arrest man in connection with cyberattack against aviation vendor
The attack against Collins Aerospace led to significant flight disruptions at Heathrow and other major European hubs.
By David Jones • Sept. 24, 2025 -
China-linked groups are using stealthy malware to hack software suppliers
Google, which disclosed the campaign, said it was one of the most significant supply-chain hacks in recent memory.
By Eric Geller • Sept. 24, 2025