Microsoft, Dutch government discover new Russian hacking group

The findings highlight the vulnerability of all critical infrastructure firms to similar attack methods.

By Eric Geller • Updated May 28, 2025

US authorities charge 16 in operation to disrupt DanaBot malware

Authorities said malware linked to Russia-based cybercrime group infected more than 300,000 computers around the world with the malicious code.

By David Jones • May 27, 2025

Explore the Trendline➔

Risk Management

An esclation of cyber risks facing businesses and government has made cyber resilience a major priority. 

By Cybersecurity Dive staff

US, allies recommend security protections for AI models

The joint guidance comes as officials fear how hackers could manipulate AI systems, especially in critical infrastructure.

By Eric Geller • May 22, 2025

Russia stepping up attacks on firms aiding Ukraine, Western nations warn

One of Moscow’s most infamous hacker teams is targeting logistics and technology companies supporting Kyiv’s war effort.

By Eric Geller • May 21, 2025

Microsoft leads international takedown of Lumma Stealer

The Lumma infostealer malware is a popular way for hackers to steal passwords, credit cards and cryptocurrency wallets.

By David Jones • May 21, 2025

FBI warns senior US officials are being impersonated using texts, AI-based voice cloning

Hackers are increasingly using vishing and smishing for state-backed espionage campaigns and major ransomware attacks.

By David Jones • May 16, 2025

GOP lawmakers urge ban of networking vendor TP-Link, citing ties to China

The Trump administration is facing mounting pressure to formulate a strategy for addressing supply-chain threats that endanger national security.

By Eric Geller • May 15, 2025

Researchers warn threat actors in UK retail attacks are targeting US sector

Google Threat Intelligence researchers say the hackers behind intrusions at multiple British retailers are launching similar social engineering attacks against American companies. 

By David Jones • May 15, 2025

China helps North Korean operatives land IT roles, bypassing sanctions

One Chinese company with at least 35 affiliates has shipped IT equipment to a North Korean government-backed organization.

By Eric Geller • Updated May 14, 2025

PowerSchool data breach leads to school extortion attempts

A threat actor has contacted multiple school districts demanding payments related to student and staff data stolen in a December breach.

By Anna Merod • May 13, 2025

SAP NetWeaver exploitation enters second wave of threat activity

Researchers are tracking hundreds of cases around the world and warning that the risk is more serious than previously known.

By David Jones • May 9, 2025

CISA, FBI warn of ‘unsophisticated’ hackers targeting industrial systems

Federal authorities, including the EPA and the U.S. Department of Energy, urged network defenders to secure remote access and use stronger passwords.

By David Jones • May 8, 2025

Ransomware claims dipped slightly in 2024, cyber insurer says

A major cyber insurer’s annual report lays out how hackers are trying to steal money and how its policyholders responded.

By Eric Geller • May 7, 2025

UK authorities warn of retail-sector risks following cyberattack spree

Three major retail brands, including Harrods and M&S, have been targeted in recent weeks.

By David Jones • May 5, 2025

Operational impacts top list of vendor risk worries, study finds

The report comes as years of supply chain cyberattacks shine a spotlight on third-party risks.

By Eric Geller • May 1, 2025

FBI seeks public tips about Salt Typhoon

The bureau’s public alert follows months of conversations with the telecom industry about the far-reaching cyber espionage campaign by a Chinese nation-state threat actor.

By Eric Geller • April 28, 2025

Critical vulnerability in SAP NetWeaver under threat of active exploitation

Attackers have been observed dropping webshell backdoors and researchers warn the application is popular among government agencies.

By David Jones • Updated April 25, 2025

Threat groups exploit resurgent vulnerabilities

VPNs, routers and firewalls are being targeted via older CVEs, new GreyNoise research shows.

By David Jones • April 24, 2025

BEC scams, investment fraud accounted for biggest cybercrime losses in 2024

Americans lost $16.6 billion to cyber fraud last year, according to an FBI report, with phishing, spoofing and extortion topping the list of complaints.

By Eric Geller • April 23, 2025

Financial gain still drives majority of cyber threat activity

Stolen credentials are becoming a more prevalent form of initial access, a report from Mandiant shows.

By David Jones • April 23, 2025

Ahold Delhaize confirms data stolen after threat group claims credit for November attack

A highly active threat group says it will release stolen information, months after an attack disrupted e-commerce operations at the grocer’s U.S. business.

By David Jones , Sam Silverstein • April 17, 2025

Bill extends cyber threat info-sharing between public, private sector

The Cybersecurity Information Sharing Act of 2015, set to expire in September, “moved the needle.”

By Elizabeth Montalbano, Contributing Reporter • April 16, 2025

Remote access tools most frequently targeted as ransomware entry points

Supply chain risk via third-party vendors increased sharply last year, according to a report by At-Bay.

By David Jones • April 11, 2025

Windows CLFS zero-day exploited in ransomware attacks

A threat actor tracked as Storm-2460 has used PipeMagic malware to facilitate the attacks.

By David Jones • April 9, 2025

Over 5K Ivanti VPNs vulnerable to critical bug under attack

China-linked threat actors last month began exploiting CVE-2025-22457, a critical stack buffer-overflow flaw.

By Rob Wright • April 8, 2025