Vulnerability
CISA warns of hackers targeting vulnerability in Trimble Cityworks to conduct RCE
The software is widely used in projects by local governments, utilities, airports and other facilities.
By David Jones • Feb. 10, 2025 -
Microsoft warns 3K exposed ASP.NET machine keys at risk of weaponization
An unknown threat actor recently used an exposed key for code injection cyberattacks.
By Rob Wright • Feb. 7, 2025 -
AI agents spark interest, concern for businesses in 2025
Leaders have high hopes for autonomous capabilities, but adding the technology will raise the stakes for security and governance.
By Lindsey Wilkinson • Feb. 6, 2025 -
Exploitation of vulnerability in Zyxel CPE targets legacy routers
Zyxel urged users to replace their old devices with modern, supported versions.
By David Jones • Feb. 4, 2025 -
State-linked hackers deploy macOS malware in fake job interview campaign
Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret.
By Robert Wright, Contributing Reporter • Feb. 4, 2025 -
The cybersecurity outlook for 2025
Threat actors are exploiting known weak points and enterprises’ dependency across the tech stack. It’s making cybersecurity professionals’ jobs harder than ever before.
By Cybersecurity Dive Staff • Feb. 3, 2025 -
FDA, CISA warn about vulnerabilities in patient health monitors
Vulnerabilities in certain Contec and Epsimed patient monitors can allow people to gain access and potentially manipulate the devices, the FDA warned.
By Nick Paul Taylor • Jan. 31, 2025 -
Attackers exploit zero-day vulnerability in Zyxel CPE devices
Researchers say the manufacturer has yet to publicly disclose or patch the flaw.
By David Jones • Jan. 29, 2025 -
SonicWall SMA 1000 series appliances left exposed on the internet
The company last week confirmed attackers are actively exploiting a critical vulnerability in the devices.
By David Jones • Jan. 28, 2025 -
Deep Dive
Network security tool defects are endemic, eroding enterprise defense
When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it’s not the vendors that get hit — it’s their customers.
By Matt Kapko • Jan. 28, 2025 -
SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances
Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity.
By David Jones • Jan. 27, 2025 -
Attackers lodge backdoors into Ivanti Connect Secure devices
Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.
By Matt Kapko • Jan. 24, 2025 -
Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs
The financially motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.
By David Jones • Jan. 17, 2025 -
Photo illustration by Danielle Ternes/Cybersecurity Dive; photograph by yucelyilmaz via Getty Images
CISA pins modest security gains to performance goals program
The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.
By Matt Kapko • Jan. 14, 2025 -
CISA adds second BeyondTrust CVE to known exploited vulnerabilities list
Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.
By David Jones • Jan. 14, 2025 -
Ivanti zero-day has researchers scrambling
Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.
By Matt Kapko • Jan. 13, 2025 -
Ivanti customers confront new zero-day with suspected nation-state nexus
The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.
By Matt Kapko • Jan. 9, 2025 -
CISA says hack targeting Treasury Department did not impact other federal agencies
BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.
By David Jones • Jan. 7, 2025 -
Censys researchers warn 8,600 BeyondTrust instances still exposed
As authorities investigate a December attack spree, the researchers added the caveat that not all instances are considered vulnerable.
By David Jones • Jan. 3, 2025 -
Researchers warn of active exploitation of critical Apache Struts 2 flaw
Exploitation activity was observed about a week after the CVE was disclosed.
By David Jones • Dec. 20, 2024 -
BeyondTrust customers hit by wave of attacks linked to compromised API key
The cybersecurity vendor said an attacker compromised its access-management tool and reset customer passwords.
By Matt Kapko • Dec. 20, 2024 -
Mandiant traces Cleo file-transfer exploits back to October
The threat intelligence firm observed deployment of backdoors, but has not seen mass data theft thus far.
By David Jones • Updated Dec. 19, 2024 -
Pennsylvania representative pitches bill to double cyber assistance for local water systems
The proposed legislation comes amid a surge in ransomware and state-linked attacks against U.S. water utilities.
By David Jones • Dec. 17, 2024 -
Cleo releases CVE for actively exploited flaw in file-transfer software
Researchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group linked itself to the attacks.
By David Jones • Dec. 16, 2024 -
Security community raises concern as Cleo file-transfer CVE delayed
After the company urged users to patch a critical flaw, researchers are asking about the lack of a CVE and additional guidance.
By David Jones • Dec. 13, 2024