Top lawmaker asks White House to address open-source software risks

The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code.

By Eric Geller • Dec. 19, 2025

Surge of credential-based hacking targets Palo Alto Networks GlobalProtect

After weeks of unusual scanning activity, the same campaign took aim at Cisco SSL VPNs.

By David Jones • Dec. 18, 2025

Explore the Trendline➔

Managing identity sprawl

Cyber threat actors know the simplest way to hack into an enterprise and remain under the radar is with stolen, legitimate user credentials -- and cloud services and AI are making managing and securing digital identities more challenging than ever.

By Cybersecurity Dive staff

NIST adds to AI security guidance with Cybersecurity Framework profile

Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.

By Eric Geller • Dec. 17, 2025

Russia-linked hackers breach critical infrastructure organizations via edge devices

New research offers the latest evidence that vulnerable network edge equipment is a pressing concern.

By Eric Geller • Dec. 16, 2025

Cybersecurity concerns are paramount among executives in almost all roles, regions and industries

A new survey finds widespread agreement that security is one of the biggest challenges facing companies today.

By Eric Geller • Dec. 15, 2025

Cyberattacks force small firms to raise prices: ITRC

The price hikes create a hidden “cyber tax” that is helping to fuel inflation, according to the report. 

By Alexei Alexis • Dec. 11, 2025

Grid-scale battery energy storage systems face heightened risk of cyberattack

Experts warn that state-linked threat groups are actively searching for ways to disrupt the industry amid growing power demand in the U.S.

By David Jones • Dec. 11, 2025

Pro-Russia hacktivists launching attacks that could damage OT

The U.S. and its allies warned that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.

By Eric Geller • Dec. 10, 2025

Initial access brokers involved in more attacks, including on critical infrastructure

A research firm also finds nation-states aligning their cyberattacks more closely with geostrategic goals.

By Eric Geller • Dec. 8, 2025

Ransomware peaked in 2023 prior to law enforcement actions

U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts.

By David Jones • Dec. 8, 2025

State-linked groups target critical vulnerability in React Server Components

China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted.

By David Jones • Updated Dec. 7, 2025

China-nexus actor targets multiple US entities with Brickstorm malware

Researchers outline a campaign targeting U.S. companies, and CISA warns of attacks on government services and IT firms.

By David Jones • Updated Dec. 5, 2025

US, allies urge critical infrastructure operators to carefully plan and oversee AI use

New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.

By Eric Geller • Dec. 4, 2025

Lawmakers question White House on strategy for countering AI-fueled hacks

The Trump administration has said little about how it will prevent hackers from abusing AI.

By Eric Geller • Dec. 4, 2025

DDoS attack volume rises in Q3, fueled by Aisuru botnet

A report by Cloudflare also shows a surge in attacks targeting AI companies.

By David Jones • Dec. 3, 2025

Leading surveillance camera vendor signs CISA’s product-security pledge

Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines.

By Eric Geller • Dec. 3, 2025

Senators push to renew cyber grant program for state, local governments

Security experts and local officials say the program is vital to protecting the country.

By Eric Geller • Dec. 2, 2025

Hackers ready threat campaign aimed at Zendesk environments

Researchers warn that hackers linked to recent social engineering attacks are targeting customer-service platforms. 

By David Jones • Updated Dec. 1, 2025

European police dismantle cryptocurrency mixer popular with ransomware gangs

Authorities have spent years trying to cripple the ecosystem that helps hackers hide their profits.

By Eric Geller • Dec. 1, 2025

Thanksgiving holiday weekend kicks off heightened threat environment for security teams

As workers take family time and consumers race for Black Friday discounts, hackers gain an advantage to penetrate vulnerable corporate perimeters.

By David Jones • Nov. 26, 2025

CISA urges mobile security as it warns of sophisticated spyware attacks

The agency’s rare warning about spyware activity comes as it updated mobile security guidance to reflect evolving threats.

By Eric Geller • Nov. 25, 2025

Russia-aligned hackers target US company in attack linked to Ukraine war effort

A threat group called RomCom has a history of cyberattacks against entities connected to the conflict.

By David Jones • Updated Nov. 25, 2025

Startup firm called Factory disrupts campaign designed to hijack development platform

The AI-based firm intercepted a state-linked operation that was abusing resources as part of a criminal cyber-fraud network.

By David Jones • Nov. 21, 2025

Salesforce investigating campaign targeting customer environments connected to Gainsight app

Researchers warn that ShinyHunters has been compromising OAuth tokens to gain potential access to customer data. 

By David Jones • Updated Nov. 21, 2025

Record-breaking DDoS attack against Microsoft Azure mitigated

The attack was linked to the Aisuru botnet, which targets compromised home routers and cameras.

By David Jones • Nov. 19, 2025