Cybersecurity Dive
@cybersecuritydive.bsky.social
📤 139
đź“Ą 5
đź“ť 290
We provide business journalism into the most impactful news and trends shaping cybersecurity.
NIST and MITRE partner to test AI defense technology for critical infrastructure:
www.cybersecuritydive.com/news/nist-ai...
(by
@ericjgeller.com
)
loading . . .
NIST and MITRE partner to test AI defense technology for critical infrastructure
Cybersecurity News
https://www.cybersecuritydive.com/news/nist-ai-security-critical-infrastructure-mitre-center/808652/
10 days ago
0
1
0
ServiceNow to buy Armis for $7.75B:
www.cybersecuritydive.com/news/service...
(by David Jones)
loading . . .
ServiceNow to buy Armis for $7.75B
The combination yields a major player in cyber-physical security and exposure management.
https://www.cybersecuritydive.com/news/servicenow-to-buy-armis-for-775b/808623/
10 days ago
0
0
0
CISA loses key employee behind early ransomware warnings:
www.cybersecuritydive.com/news/cisa-ra...
(by
@ericjgeller.com
)
loading . . .
CISA loses key employee behind early ransomware warnings
The future of a program that has helped prevent an estimated $9 billion in economic damages is now unclear.
https://www.cybersecuritydive.com/news/cisa-ransomware-warning-program-key-employee-left/808589/
10 days ago
0
0
0
AI security is fundamentally a cloud infrastructure problem, Palo Alto Networks says:
www.cybersecuritydive.com/news/ai-secu...
(by
@ericjgeller.com
)
loading . . .
AI security is fundamentally a cloud infrastructure problem, Palo Alto Networks says
Companies should prioritize identity security and integrate cloud monitoring into the SOC, according to the security firm.
https://www.cybersecuritydive.com/news/ai-security-cloud-infrastructure-palo-alto-networks/808510/
11 days ago
0
0
0
CISA warns of continued threat activity linked to Brickstorm malware:
www.cybersecuritydive.com/news/cisa-wa...
(by David Jones)
loading . . .
CISA warns of continued threat activity linked to Brickstorm malware
Officials provide additional evidence showing the ability to maintain persistence and evade defenses.
https://www.cybersecuritydive.com/news/cisa-warns-of-continued-threat-activity-linked-to-brickstorm-malware/808499/
11 days ago
0
0
0
Rockrose Development suffers security breach affecting 47,000 people:
www.cybersecuritydive.com/news/securit...
(by Leslie Shaver)
loading . . .
Rockrose Development suffers security breach affecting 47,000 people
The New York City-based firm recently found that unauthorized individuals hacked its systems and claimed to have acquired confidential information.
https://www.cybersecuritydive.com/news/security-breach-hack-rockrose-development/808362/
14 days ago
0
0
0
Top lawmaker asks White House to address open-source software risks:
www.cybersecuritydive.com/news/open-so...
(by
@ericjgeller.com
)
loading . . .
Top lawmaker asks White House to address open-source software risks
The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code.
https://www.cybersecuritydive.com/news/open-source-security-tom-cotton-letter-white-house/808379/
14 days ago
0
1
0
Surge of credential-based hacking targets Palo Alto Networks GlobalProtect:
www.cybersecuritydive.com/news/credent...
(by David Jones)
loading . . .
Surge of credential-based hacking targets Palo Alto Networks GlobalProtect
After weeks of unusual scanning activity, the same campaign took aim at Cisco SSL VPNs.
https://www.cybersecuritydive.com/news/credential-based-hacking-palo-alto-networks/808269/
15 days ago
0
0
0
Cisco says China-linked hackers exploiting insecure setting in security products:
www.cybersecuritydive.com/news/cisco-c...
(by
@ericjgeller.com
)
loading . . .
China-linked hackers exploit insecure setting in Cisco security products
The company urged customers to immediately reconfigure affected products.
https://www.cybersecuritydive.com/news/cisco-china-cyberattacks-asyncos-configuration/808258/
15 days ago
0
0
0
NIST adds to AI security guidance with Cybersecurity Framework profile:
www.cybersecuritydive.com/news/nist-ai...
(by
@ericjgeller.com
)
loading . . .
NIST adds to AI security guidance with Cybersecurity Framework profile
Organizations have a new resource to map AI considerations onto NIST’s most famous security blueprint.
https://www.cybersecuritydive.com/news/nist-ai-cybersecurity-framework-profile/808134/
16 days ago
0
0
0
FortiGate devices targeted with malicious SSO logins:
www.cybersecuritydive.com/news/fortiga...
(by David Jones)
loading . . .
FortiGate devices targeted with malicious SSO logins
Researchers discovered threat activity less than a week after Fortinet disclosed critical vulnerabilities in multiple products.
https://www.cybersecuritydive.com/news/fortigate-devices-targeted-with-malicious-sso-logins/808132/
16 days ago
0
0
0
Russia-linked hackers breach critical infrastructure organizations via edge devices:
www.cybersecuritydive.com/news/russian...
(by
@ericjgeller.com
)
loading . . .
Russia-linked hackers breach critical infrastructure organizations via edge devices
New research offers the latest evidence that vulnerable network edge equipment is a pressing concern.
https://www.cybersecuritydive.com/news/russian-hackers-critical-infrastructure-energy-edge-devices/808005/
17 days ago
0
0
0
Cybersecurity concerns are paramount among executives in almost all roles, regions and industries:
www.cybersecuritydive.com/news/cyberse...
(by
@ericjgeller.com
)
loading . . .
Cybersecurity concerns are paramount among executives in almost all roles, regions and industries
A new survey finds widespread agreement that security is one of the biggest challenges facing companies today.
https://www.cybersecuritydive.com/news/cybersecurity-protiviti-executive-survey/807907/
18 days ago
0
1
0
CISOs view hybrid environments as best way to manage risk, compliance:
www.cybersecuritydive.com/news/cisos-h...
(by David Jones)
loading . . .
CISOs view hybrid environments as best way to manage risk, compliance
Security leaders are also focused on the convergence of IT and operational technology as business continuity becomes a major concern.
https://www.cybersecuritydive.com/news/cisos-hybrid-environments-manage-risk-cloud/807902/
18 days ago
0
0
0
React urges new patch upgrades after security researchers flag additional flaws:
www.cybersecuritydive.com/news/react-u...
(by David Jones)
loading . . .
React urges new patch upgrades after security researchers flag additional flaws
Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.
https://www.cybersecuritydive.com/news/react-urges-new-patch-upgrades-after-security-researchers-flag-additional-f/807776/
21 days ago
0
0
0
CISA updates cybersecurity benchmarks for critical infrastructure organizations:
www.cybersecuritydive.com/news/cisa-cy...
(by
@ericjgeller.com
)
loading . . .
CISA updates cybersecurity benchmarks for critical infrastructure organizations
The agency streamlines and supplements goals it first issued in 2022.
https://www.cybersecuritydive.com/news/cisa-cybersecurity-performance-goals-update/807766/
21 days ago
0
1
1
Grid-scale battery energy storage systems face heightened risk of cyberattack:
www.cybersecuritydive.com/news/battery...
(by David Jones)
loading . . .
Grid-scale battery energy storage systems face heightened risk of cyberattack
Experts warn that state-linked threat groups are actively searching for ways to disrupt the industry amid growing power demand in the U.S.
https://www.cybersecuritydive.com/news/battery-energy-storage-systems-risk-cyberattack/807675/
21 days ago
0
0
0
React Server Components crisis escalates as security teams respond to compromises:
www.cybersecuritydive.com/news/react-s...
(by David Jones)
loading . . .
React Server Components crisis escalates as security teams respond to compromises
Suspected North Korean actors target users with fake IT recruitment scheme.
https://www.cybersecuritydive.com/news/react-server-components-crisis-escalates-as-security-teams-respond-to-compr/807546/
21 days ago
0
0
0
Pro-Russia hacktivists launching attacks that could damage OT:
www.cybersecuritydive.com/news/russian...
(by
@ericjgeller.com
)
loading . . .
Pro-Russia hacktivists launching attacks that could damage OT
The U.S. and its allies issued a joint alert warning that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.
https://www.cybersecuritydive.com/news/russian-hacktivists-critical-infrastructure-remote-access-advisory/807493/
23 days ago
0
0
0
Majority of global firms plan to boost cyber spending in 2026:
www.cybersecuritydive.com/news/global-...
(by David Jones)
loading . . .
Majority of global firms plan to boost cyber spending in 2026
A report by Marsh shows companies are also focused on third-party risk mitigation.
https://www.cybersecuritydive.com/news/global-firms-boost-cyber-spending-2026/807413/
24 days ago
0
0
0
Initial access brokers involved in more attacks, including on critical infrastructure:
www.cybersecuritydive.com/news/initial...
(by
@ericjgeller.com
)
loading . . .
Initial access brokers involved in more attacks, including on critical infrastructure
A research firm also finds nation-states aligning their cyberattacks more closely with geostrategic goals.
https://www.cybersecuritydive.com/news/initial-access-brokers-check-point/807315/
25 days ago
0
0
0
Ransomware peaked in 2023 prior to law enforcement actions:
www.cybersecuritydive.com/news/ransomw...
(by David Jones)
loading . . .
Ransomware peaked in 2023 prior to law enforcement actions
U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts.
https://www.cybersecuritydive.com/news/ransomware-peaked-2023-enforcement-decrease/807291/
25 days ago
0
0
0
Major drug research company confirms cyberattack compromised employee and partner data:
www.cybersecuritydive.com/news/inotiv-...
(by
@ericjgeller.com
)
loading . . .
Major drug research company confirms cyberattack compromised employee and partner data
Indiana-based Inotiv said it was still evaluating the hack’s impact on its business.
https://www.cybersecuritydive.com/news/inotiv-confirm-cyberattack-data-theft/807277/
25 days ago
0
1
0
US, allies urge critical infrastructure operators to carefully plan and oversee AI use:
www.cybersecuritydive.com/news/ai-crit...
(by
@ericjgeller.com
)
loading . . .
US, allies urge critical infrastructure operators to carefully plan and oversee AI use
New guidance attempts to temper companies’ enthusiasm for the latest exciting technology.
https://www.cybersecuritydive.com/news/ai-critical-infrastructure-government-guidance/807052/
29 days ago
0
0
0
Critical vulnerabilities found in React and Next.js:
www.cybersecuritydive.com/news/critica...
(by David Jones)
loading . . .
Critical vulnerabilities found in React and Next.js
Researchers warn the flaws can be easily leveraged to achieve full remote code execution.
https://www.cybersecuritydive.com/news/critical-vulnerabilities-found-in-react-and-nextjs/807016/
29 days ago
0
0
0
Lawmakers question White House on strategy for countering AI-fueled hacks:
www.cybersecuritydive.com/news/ai-anth...
(by
@ericjgeller.com
)
loading . . .
Lawmakers question White House on strategy for countering AI-fueled hacks
The Trump administration has said little about how it will prevent hackers from abusing AI.
https://www.cybersecuritydive.com/news/ai-anthropic-cyberattack-senate-letter-white-house/807044/
29 days ago
0
0
0
CISA eliminates pay incentives as it changes how it retains top cyber talent:
www.cybersecuritydive.com/news/cisa-el...
(by
@ericjgeller.com
)
loading . . .
CISA eliminates pay incentives as it changes how it retains top cyber talent
The agency is scrapping a program that auditors described as poorly managed as it expands another recruitment tool.
https://www.cybersecuritydive.com/news/cisa-eliminate-cyber-pay-incentives-ctms/806981/
30 days ago
0
0
0
www.cybersecuritydive.com/news/ddos-ri...
loading . . .
DDoS attack volume rises in Q3 as Aisuru botnet fuels record- setting attacks
A report by Cloudflare also shows a surge in attacks targeting AI companies.
https://www.cybersecuritydive.com/news/ddos-rises-q3-aisuru-botnet-record-attack/806922/
about 1 month ago
0
0
0
Leading surveillance camera vendor signs CISA’s product-security pledge:
www.cybersecuritydive.com/news/surveil...
(by
@ericjgeller.com
)
loading . . .
Leading surveillance camera vendor signs CISA’s product-security pledge
Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines.
https://www.cybersecuritydive.com/news/surveillance-camera-axis-signs-cisa-security-pledge/806907/
about 1 month ago
0
0
0
Senators push to renew cyber grant program for state, local governments:
www.cybersecuritydive.com/news/state-l...
(by
@ericjgeller.com
)
loading . . .
Senators push to renew cyber grant program for state, local governments
Security experts and local officials say the program is vital to protecting the country.
https://www.cybersecuritydive.com/news/state-local-cybersecurity-grant-program-senators-introduce-reauthorization/806784/
about 1 month ago
0
0
0
Fortinet FortiWeb flaws found in unsupported versions of web application firewall:
www.cybersecuritydive.com/news/fortine...
(by David Jones)
loading . . .
Fortinet FortiWeb flaws found in unsupported versions of web application firewall
Security researchers raise new concerns after the company previously failed to issue prompt security guidance.
https://www.cybersecuritydive.com/news/fortinet-fortiweb-flaws-found-in-unsupported-versions-of-web-application-fi/806791/
about 1 month ago
0
0
0
Hackers ready threat campaign aimed at Zendesk environments:
www.cybersecuritydive.com/news/hackers...
(by David Jones)
loading . . .
Hackers ready threat campaign aimed at Zendesk environments
Researchers warn that hackers linked to recent social engineering attacks are targeting customer service environments.
https://www.cybersecuritydive.com/news/hackers-threat-campaign-zendesk-environments/806666/
about 1 month ago
0
0
0
European police dismantle cryptocurrency mixer that laundered $1.5 billion for ransomware gangs, other criminals:
www.cybersecuritydive.com/news/cryptoc...
(by
@ericjgeller.com
)
loading . . .
European police dismantle cryptocurrency mixer that laundered $1.5 billion for ransomware gangs, other criminals
Authorities have spent years trying to cripple the ecosystem that helps hackers hide their profits.
https://www.cybersecuritydive.com/news/cryptocurrency-mixer-europe-shut-down-germany-switzerland/806653/
about 1 month ago
0
0
0
Thanksgiving holiday weekend kicks off heightened threat environment for security teams:
www.cybersecuritydive.com/news/thanksg...
(by David Jones)
loading . . .
Thanksgiving holiday weekend kicks off heightened threat environment for security teams
As workers take family time and consumers race for Black Friday discounts, hackers gain an advantage to penetrate vulnerable corporate perimeters.
https://www.cybersecuritydive.com/news/thanksgiving-holiday-threat-environment-cyber/806585/
about 1 month ago
0
0
0
Gainsight CEO promises transparency as it responds to compromise of Salesforce integration:
www.cybersecuritydive.com/news/gainsig...
(by David Jones)
loading . . .
Gainsight CEO promises transparency as it responds to compromise of Salesforce integration
The company has been in regular contact with customers, and says only a handful have seen data directly impacted.
https://www.cybersecuritydive.com/news/gainsight-ceo-transparency-responds-salesforce/806564/
about 1 month ago
0
1
0
Microsoft tightens cloud login process to prevent common attack:
www.cybersecuritydive.com/news/microso...
(by
@ericjgeller.com
)
loading . . .
Microsoft tightens cloud login process to prevent common attack
Hackers have spent decades exploiting a ubiquitous type of vulnerability. Microsoft is trying to change that.
https://www.cybersecuritydive.com/news/microsoft-change-cloud-login-entra-id-xss/806556/
about 1 month ago
0
0
0
CISA urges mobile security as it warns of sophisticated spyware attacks:
www.cybersecuritydive.com/news/cisa-sp...
(by
@ericjgeller.com
)
loading . . .
CISA urges mobile security as it warns of sophisticated spyware attacks
The agency’s rare warning about spyware activity comes as it updated mobile security guidance to reflect evolving threats.
https://www.cybersecuritydive.com/news/cisa-spyware-alert-messaging-apps-security-warning/806429/
about 1 month ago
0
0
0
Russia-aligned hackers target US company in attack linked to Ukraine war effort:
www.cybersecuritydive.com/news/russia-...
(by David Jones)
loading . . .
Russia-aligned hackers target US company in attack linked to Ukraine war effort
A threat group called RomCom has a history of cyberattacks against entities connected to the conflict.
https://www.cybersecuritydive.com/news/russia-hackers-us-company-attack-ukraine-war/806423/
about 1 month ago
0
0
0
Gainsight says additional applications put on hold after Salesforce customers breached:
www.cybersecuritydive.com/news/gainsig...
(by David Jones)
loading . . .
Gainsight says additional applications put on hold after Salesforce customers breached
The company said that Zendesk and Hubspot integrations have been deactivated as the probe continues.
https://www.cybersecuritydive.com/news/gainsight-applications-hold-salesforce/806277/
about 1 month ago
0
0
0
Hackers steal sensitive data from major banking industry vendor:
www.cybersecuritydive.com/news/bank-ve...
(by
@ericjgeller.com
)
loading . . .
Hackers steal sensitive data from major banking industry vendor
The incident highlights how supply-chain compromises threaten even well-defended industries.
https://www.cybersecuritydive.com/news/bank-vendor-cyberattack-supply-chain/806293/
about 1 month ago
0
0
0
Startup firm called Factory disrupts campaign designed to hijack development platform:
www.cybersecuritydive.com/news/factory...
(by David Jones)
loading . . .
Startup firm called Factory disrupts campaign designed to hijack development platform
The AI-based firm intercepted a state-linked operation that was abusing resources as part of a criminal cyber-fraud network.
https://www.cybersecuritydive.com/news/factory-disrupts-campaign-AI-development-platform/806180/
about 1 month ago
0
0
0
SEC drops civil fraud case against SolarWinds:
www.cybersecuritydive.com/news/sec-dro...
(by David Jones)
loading . . .
SEC drops civil fraud case against SolarWinds
Cybersecurity and legal experts had considered the case a potential precedent-setter for risk disclosure.
https://www.cybersecuritydive.com/news/sec-drops-civil-fraud-case-solarwinds/806126/
about 1 month ago
0
0
0
Salesforce investigating campaign targeting customer environments connected to Gainsight app
www.cybersecuritydive.com/news/salesfo...
(by David Jones)
loading . . .
Salesforce investigating campaign targeting customer environments connected to Gainsight app
Researchers warn that ShinyHunters has been compromising OAuth tokens to gain potential access to customer data.
https://www.cybersecuritydive.com/news/salesforce-investigating-customer-connected-Gainsight/806093/
about 1 month ago
0
0
0
FCC eliminates cybersecurity requirements for telecom companies:
www.cybersecuritydive.com/news/fcc-eli...
(by
@ericjgeller.com
)
loading . . .
FCC eliminates cybersecurity requirements for telecom companies
Commissioners sharply disagreed over whether the rules were appropriate and necessary.
https://www.cybersecuritydive.com/news/fcc-eliminates-telecom-cybersecurity-requirements/806052/
about 1 month ago
1
1
1
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation:
www.cybersecuritydive.com/news/command...
(by David Jones)
loading . . .
Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation
The medium severity vulnerability can be chained together with a critical flaw in the same product, which could help attackers gain additional capabilities.
https://www.cybersecuritydive.com/news/command-injection-flaw-fortinet-fortiweb-exploitation/806027/
about 1 month ago
0
0
0
Record-breaking DDoS attack against Microsoft Azure mitigated:
www.cybersecuritydive.com/news/record-...
(by David Jones)
loading . . .
Record-breaking DDoS attack against Microsoft Azure mitigated
The attack was linked to the Aisuru botnet, which targets compromised home routers and cameras.
https://www.cybersecuritydive.com/news/record-ddos-attack-microsoft-azure/805886/
about 1 month ago
0
0
0
US, allies sanction Russian bulletproof hosting firm:
www.cybersecuritydive.com/news/russian...
(by
@ericjgeller.com
)
loading . . .
US, allies sanction Russian bulletproof hosting firm
Authorities say the company helped ransomware gangs and supported DDoS attacks.
https://www.cybersecuritydive.com/news/russian-bulletproof-hosting-company-sanctions-us-australia-uk/805911/
about 1 month ago
0
0
0
FCC plan to scrap telecom cyber rules draws congressional backlash:
www.cybersecuritydive.com/news/fcc-tel...
(by
@ericjgeller.com
)
loading . . .
FCC plan to scrap telecom cyber rules draws congressional backlash
A prominent U.S. senator wants the commission to rethink its plans.
https://www.cybersecuritydive.com/news/fcc-telecom-regulation-reversal-cantwell-letter/805906/
about 1 month ago
0
0
1
Hackers increasingly target operational technology, with manufacturing sector bearing the brunt:
www.cybersecuritydive.com/news/operati...
(by @ericjgeller.com)
loading . . .
Hackers increasingly target operational technology, with manufacturing sector bearing the brunt
Companies should segment and monitor their networks to prevent hackers from crossing over from IT to OT, a new report said.
https://www.cybersecuritydive.com/news/operational-technology-cyberattacks-trellix/805693/
about 1 month ago
0
1
0
Trump’s cyber strategy will emphasize deterring adversaries, consulting industry:
www.cybersecuritydive.com/news/trump-a...
(by
@ericjgeller.com
)
loading . . .
Trump’s cyber strategy will emphasize deterring adversaries, consulting industry
Cyberattacks on the U.S. are “becoming more aggressive every passing day,” the national cyber director says.
https://www.cybersecuritydive.com/news/trump-administration-national-cyber-strategy-preview-sean-cairncross-aspen/805782/
about 2 months ago
0
0
0
Load more
feeds!
log in
