Proof-of-concept exploit released for 4 Ivanti vulnerabilities

Critical flaws in Ivanti Endpoint Manager were initially disclosed and patched last month.

By Rob Wright • Updated Feb. 20, 2025

SonicWall authentication flaw under threat of active exploitation

Weeks after the company released a patch, researchers warn the CVE is being targeted by threat actors.

By David Jones • Feb. 19, 2025

Phishing campaign targets Microsoft device-code authentication flows

Russian state-sponsored hackers have attacked enterprises and government agencies in North America and overseas.

By Rob Wright • Feb. 18, 2025

Palo Alto Networks warns firewall vulnerability is under active exploitation

The flaw, when chained together with a prior vulnerability, can allow an attacker to gain access to unpatched firewalls.

By David Jones • Feb. 18, 2025

FBI, CISA warn hackers abusing buffer overflow CVEs to launch attacks

The agencies are urging manufacturers to shift development practices through the use of memory safe code.

By David Jones • Feb. 13, 2025

China-backed hackers continue cyberattacks on telecom companies

Salt Typhoon threat actors compromised Cisco edge devices by exploiting older vulnerabilities.

By Rob Wright • Feb. 13, 2025

VeraCore zero-day vulnerabilities exploited in supply chain attacks

Cybercriminals maintained access to one victim organization for more than four years.

By Rob Wright • Feb. 11, 2025

CISA warns of hackers targeting vulnerability in Trimble Cityworks to conduct RCE

The software is widely used in projects by local governments, utilities, airports and other facilities.

By David Jones • Feb. 10, 2025

Microsoft warns 3K exposed ASP.NET machine keys at risk of weaponization

An unknown threat actor recently used an exposed key for code injection cyberattacks. 

By Rob Wright • Feb. 7, 2025

AI agents spark interest, concern for businesses in 2025

Leaders have high hopes for autonomous capabilities, but adding the technology will raise the stakes for security and governance.

By Lindsey Wilkinson • Feb. 6, 2025

Exploitation of vulnerability in Zyxel CPE targets legacy routers

Zyxel urged users to replace their old devices with modern, supported versions.

By David Jones • Feb. 4, 2025

State-linked hackers deploy macOS malware in fake job interview campaign

Actors linked to North Korea bypassed Apple security using malware called FlexibleFerret.

By Robert Wright, Contributing Reporter • Feb. 4, 2025

The cybersecurity outlook for 2025

Threat actors are exploiting known weak points and enterprises’ dependency across the tech stack. It’s making cybersecurity professionals’ jobs harder than ever before. 

By Cybersecurity Dive Staff • Feb. 3, 2025

FDA, CISA warn about vulnerabilities in patient health monitors

Vulnerabilities in certain Contec and Epsimed patient monitors can allow people to gain access and potentially manipulate the devices, the FDA warned.

By Nick Paul Taylor • Jan. 31, 2025

Attackers exploit zero-day vulnerability in Zyxel CPE devices

Researchers say the manufacturer has yet to publicly disclose or patch the flaw.

By David Jones • Jan. 29, 2025

SonicWall SMA 1000 series appliances left exposed on the internet

The company last week confirmed attackers are actively exploiting a critical vulnerability in the devices. 

By David Jones • Jan. 28, 2025

Network security tool defects are endemic, eroding enterprise defense

When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it’s not the vendors that get hit — it’s their customers.

By Matt Kapko • Jan. 28, 2025

SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances

Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity.

By David Jones • Jan. 27, 2025

Attackers lodge backdoors into Ivanti Connect Secure devices

Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.

By Matt Kapko • Jan. 24, 2025

Blue Yonder investigating Clop ransomware threat linked to exploited Cleo CVEs

The financially-motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.

By David Jones • Jan. 17, 2025

CISA pins modest security gains to performance goals program

The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.

By Matt Kapko • Jan. 14, 2025

CISA adds second BeyondTrust CVE to known exploited vulnerabilities list

Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

By David Jones • Jan. 14, 2025

Ivanti zero-day has researchers scrambling

Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.

By Matt Kapko • Jan. 13, 2025

Ivanti customers confront new zero-day with suspected nation-state nexus

The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.

By Matt Kapko • Jan. 9, 2025

CISA says hack targeting Treasury Department did not impact other federal agencies

BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.

By David Jones • Jan. 7, 2025