News
- April 04, 2025
Trends at the 2024 RSAC startup competition
Startups at Innovation Sandbox 2024 brought clarity to artificial intelligence, protecting data from AI and accomplishing novel security solutions with new models.
- April 04, 2025
RSAC Conference 2025 Innovation Sandbox contest celebrates 20th anniversary
Starting in 2025, the RSAC Innovation Sandbox Top 10 Finalists will each receive a $5 million investment to drive cybersecurity innovation.
- March 28, 2025
News brief: China-linked APTs and Russian access broker
Check out the latest security news from the Informa TechTarget team.
- March 20, 2025
Cloudflare unveils tools for safeguarding AI deployment
The cybersecurity vendor's new suite helps businesses, developers and content creators deploy AI technology at scale safely and securely.
- February 28, 2025
Microsoft targets AI deepfake cybercrime network in lawsuit
Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment.
- February 27, 2025
FBI: Lazarus Group behind $1.5 billion Bybit heist
Researchers say the heist, in which North Korean state-sponsored hackers stole funds from a cold wallet, is the biggest theft in the history of the cryptocurrency industry.
- February 27, 2025
CrowdStrike: China hacking has reached 'inflection point'
In its 2025 Global Threat Report, CrowdStrike observed an increase in China's cyber capabilities, with a focus on espionage and 'pre-positioning' itself in critical environments.
- February 26, 2025
NCC Group tracks alarming ransomware surge in January
NCC Group found ransomware activity in January surpassed previous monthly highs with 590 attacks, as one notorious gang experienced a notable resurgence.
- February 25, 2025
Black Basta ransomware leak sheds light on targets, tactics
VulnCheck found the ransomware gang targeted CVEs in popular enterprise products from Microsoft, Citrix, Cisco, Fortinet, Palo Alto Networks, Confluence Atlassian and more.
- February 25, 2025
Dragos: Ransomware attacks against industrial orgs up 87%
Ransomware attacks continue to be a major pain point for industrial organizations, as the sector has historically struggled with vulnerability management.
- February 24, 2025
Apple pulls Advanced Data Protection in UK, sparking concerns
Privacy and security concerns mount, as Apple pulls the end-to-end encryption feature for users located in the U.K. following pressures from the government.
- February 21, 2025
Palo Alto Networks vulnerabilities exploited in chained attack
The cybersecurity vendor urges customers to take immediate action to mitigate recently disclosed vulnerabilities that are being actively exploited in the wild.
- February 20, 2025
Risk & Repeat: Salt Typhoon hasn't stopped hacking
Although the Salt Typhoon telecom breaches from last year appear to have been remediated, the Chinese state-sponsored threat group continues to target critical organizations.
- February 20, 2025
CISA, FBI warn of Ghost/Cring ransomware attacks
Ghost is a China-based financially motivated ransomware group that has launched attacks against organizations in more than 70 countries -- including its own.
- February 18, 2025
Palo Alto Networks PAN-OS vulnerability exploited in the wild
Palo Alto Networks says threat actors used a publicly available PoC exploit in attack attempts against firewall customers with PAN-OS management interfaces exposed to the internet.
- February 13, 2025
Salt Typhoon compromises telecom providers' Cisco devices
Salt Typhoon's latest campaign exploits older vulnerabilities in Cisco edge devices to gain access to the networks of several telecom companies, including two based in the U.S.
- February 12, 2025
Fortinet discloses second authentication bypass vulnerability
Fortinet disclosed CVE-2025-24472 in an updated advisory that confused some in the infosec community because it stated that 'reports show this is being exploited in the wild.'
- February 11, 2025
Apple zero day used in 'extremely sophisticated attack'
CVE-2025-24200 is a zero-day vulnerability that bypasses Apple's USB Restricted Mode in iPhones and iPads and was exploited in the wild against 'specific targeted individuals.'
- February 10, 2025
Trimble Cityworks zero-day flaw under attack, patch now
CVE-2025-0994 is a high-severity deserialization vulnerability that enables remote code execution in unpatched versions of Cityworks enterprise asset management software.
- February 07, 2025
Ransomware hits healthcare, critical services in January
Ransomware attacks against healthcare organizations in January reflect an increasing need for threat actors to adapt and get aggressive as defenders improve.
- February 06, 2025
Unpatched.ai: Who runs the vulnerability discovery platform?
There is limited information on the AI-powered vulnerability discovery platform that emerged in December after it reported Microsoft vulnerabilities.
- February 05, 2025
Zyxel won't patch end-of-life routers against zero-day attacks
Networking hardware vendor Zyxel has no plans to patch multiple end-of-life routers against new zero-day flaws and advises customers to replace affected devices entirely.
- February 05, 2025
Chainalysis records 35% decrease in ransom payments in 2024
While the first half of 2024 was on pace to surpass 2023's record-setting numbers, Chainalysis found that the volume of ransom payments dropped in the second half of the year.
- February 04, 2025
AMD, Google disclose Zen processor microcode vulnerability
AMD said CVE-2024-56161, which first leaked last month, requires an attacker to have local administrator privileges and to develop and execute malicious microcode.
- February 04, 2025
WatchTowr warns abandoned S3 buckets pose supply chain risk
WatchTowr researchers found that they could reregister abandoned Amazon S3 buckets and detail alarming ways that threat actors could exploit the attack surface.
- February 03, 2025
NSFocus: DeepSeek AI hit with 'well planned' DDoS attacks
Cybersecurity vendor NSFocus said AI startup DeepSeek endured multiple waves of DDoS attacks from attackers since its reasoning model was released Jan. 20.
- January 30, 2025
Risk & Repeat: DeepSeek security issues emerge
The introduction of DeepSeek's new generative AI models has been met with fervor, but security issues have created apparent challenges for the Chinese startup.
- January 30, 2025
Wiz reveals DeepSeek database exposed API keys, chat history
Wiz expressed concern about security shortcomings with AI tools and services amid the rapid adoption and rising popularity of offerings like DeepSeek-R1.
- January 30, 2025
German police disrupt Cracked, Nulled cybercrime forums
Cracked and Nulled had a combined community of approximately 10 million users who used the sites to discuss cybercrime and sell malware and hacking tools.
- January 29, 2025
Google details adversarial AI activity on Gemini
Google identified APTs from more than 20 nations misusing its Gemini AI chatbot but noted that threat actors were unsuccessful in finding novel techniques or vulnerabilities.
- January 28, 2025
DeepSeek claims 'malicious attacks' disrupting AI service
DeepSeek, which gained popularity recently for its AI platform, did not specify the cause of 'large-scale malicious attacks,' which continue to disrupt new account registrations.
- January 28, 2025
Apple zero-day vulnerability under attack on iOS devices
Apple said the zero-day vulnerability, tracked as CVE-2025-24085, affects its CoreMedia framework and 'may have been actively exploited against versions of iOS before iOS 17.2.'
- January 27, 2025
Former CSRB members largely silent on dismissal
The Cyber Safety Review Board was investigating recent attacks by Chinese state-sponsored threat actor Salt Typhoon when DHS terminated all advisory board memberships.
- January 24, 2025
DOJ indicts 5 individuals in North Korea IT worker scam
An unsealed indictment revealed threat actors working for North Korea tricked at least 64 U.S. businesses into hiring fake IT workers for financial and proprietary data gains.
- January 24, 2025
AMD processor vulnerability inadvertently leaked early
The flaw was revealed when hardware manufacturer Asus published a patch for an 'AMD Microcode Signature Verification Vulnerability' to a gaming motherboard update page.
- January 23, 2025
Zero-day vulnerability in SonicWall SMA series under attack
SonicWall released a hotfix for a critical pre-authentication remote code execution vulnerability in Secure Mobile Access 1000 products amidst reports of zero-day exploitation.
- January 23, 2025
Eclypsium finds security issues in Palo Alto Networks NGFWs
Eclypsium researchers stressed how essential supply chain security is as threat actors increasingly target and exploit vulnerabilities in firewalls, VPNs and other edge devices.
- January 22, 2025
Cyber Safety Review Board axed in DHS cost-cutting move
Benjamine C. Huffman, acting secretary of the Department of Homeland Security under Trump, terminates the memberships for all DHS advisory committees, including the CSRB.
- January 21, 2025
Risk & Repeat: What is the future of CISA?
South Dakota Gov. Kristi Noem, who is President Donald Trump's nominee for DHS secretary, said during a recent confirmation hearing that CISA should be 'smaller.'
- January 21, 2025
Threat actors abusing Microsoft Teams in ransomware attacks
Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems.
- January 17, 2025
Treasury Department sanctions company tied to Salt Typhoon
The sanctions were in response to significant cyberattacks by Chinese nation-state threat groups against the U.S. government and critical infrastructure in recent months.
- January 16, 2025
Tech industry experts digest cybersecurity executive order
IT pros assess a last-minute cybersecurity executive order with new directives on a broad swath of topics, from cybercriminal sanctions to AI and identity management.
- January 16, 2025
Threat actor publishes data of 15K hacked FortiGate firewalls
Although the threat actor published the alleged stolen Fortinet FortiGate firewall data this week, the data is apparently tied to older zero-day exploitation from 2022.
- January 16, 2025
The mystery of the $75M ransom payment to Dark Angels
The Dark Angels gang stole 100 TB of data from a Fortune 50 company last year for a record-setting ransom payment. But the victim organization still hasn't disclosed those details.
- January 16, 2025
ESET details UEFI Secure Boot bypass vulnerability
ESET researchers last year discovered an unsigned binary in a third-party UEFI application that could have been abused to bypass the Secure Boot process.
- January 15, 2025
FBI removes Chinese PlugX malware from 4,258 U.S. computers
The FBI did not inform individuals that it deleted PlugX malware from users' computers beforehand, citing the possibility of Chinese state-sponsored hackers making adjustments.
- January 14, 2025
Attackers exploiting critical Fortinet zero-day vulnerability
Fortinet disclosed another zero-day vulnerability in its FortiOS and FortiProxy products days after Arctic Wolf detailed a threat campaign targeting the vendor's devices.
- January 14, 2025
CISA: BeyondTrust flaw CVE-2024-12686 exploited in the wild
BeyondTrust discovered the flaw last month while investigating breaches of a 'limited number' of SaaS customers at the hands of Chinese state-sponsored threat actors.
- January 14, 2025
Ivanti zero-day patching increases amid ongoing attacks
Recent scans conducted by the Shadowserver Foundation show many organizations have patched Ivanti instances vulnerable to CVE-2025-0282 over the last week.
- January 09, 2025
Experts optimistic on FCC's Cyber Trust Mark for IoT devices
The launch of the FCC's U.S. Cyber Trust Mark label for IoT devices will include internet-connected home security cameras, smart home appliances, baby monitors and more.
- January 09, 2025
Mandiant links Ivanti zero-day exploitation to Chinese hackers
Mandiant warned users to be prepared for widespread exploitation of CVE-2025-0282 as Ivanti products have become a popular target for attackers in recent years.
- January 09, 2025
December ransomware attacks slam healthcare, public services
In December, one victim organization paid a $1.5 million ransom to restore services, while another continued to experience disruptions for more than one month following an attack.
- January 08, 2025
Critical Ivanti Connect Secure zero-day flaw under attack
Although Ivanti has seen exploitation of CVE-2025-0282 in only Ivanti Connect Secure instances, Ivanti Policy Secure and ZTA gateways are also vulnerable to the flaw.
- January 07, 2025
CISA: BeyondTrust breach affected Treasury Department only
The government cybersecurity agency says fallout from a breach against BeyondTrust last month has not affected other federal agencies, although the investigation is ongoing.
- January 06, 2025
Amit Yoran, Tenable CEO and cybersecurity advocate, dies at 54
Amit Yoran was a decades-long practitioner of cybersecurity and previously held key roles at the U.S. Department of Homeland Security, RSA Security and NetWitness.
- January 02, 2025
Dozens of Chrome extensions hacked in threat campaign
Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older.
- December 31, 2024
Treasury Department breached through BeyondTrust service
The Treasury Department said Chinese government hackers gained access to a key for BeyondTrust's Remote Support service and used it to breach the federal agency.
- December 30, 2024
10 of the biggest ransomware attacks in 2024
Ransomware attacks against U.S. organizations in 2024 disrupted healthcare systems, supply chains and government services and led to tens of millions of dollars in ransom payments.
- December 23, 2024
Risk & Repeat: The state of ransomware in 2024
Ransomware made major headlines in 2024, from the massive Change Healthcare attack to the creative takedown of the notorious LockBit ransomware-as-a-service gang.
- December 23, 2024
10 of the biggest cybersecurity stories of 2024
Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies.
- December 19, 2024
BeyondTrust SaaS instances breached in cyberattack
BeyondTrust, a privileged access management vendor, patched two vulnerabilities this week after attackers compromised SaaS instances for a 'limited number' of customers.
- December 18, 2024
CISA issues mobile security guidance following China hacks
Following the Salt Typhoon attacks, CISA offers advice to 'highly targeted' individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA.
- December 16, 2024
Blackberry sells Cylance to Arctic Wolf for $160M
After exiting the mobile device market, Blackberry acquired Cylance for $1.4 billion in 2018 to expand its presence in enterprise security.
- December 16, 2024
Cleo zero-day vulnerability gets CVE as attacks continue
The new Cleo zero-day vulnerability, CVE-2024-55956, is separate from CVE-2024-50623 despite both vulnerabilities being used by threat actors to target the same endpoints.
- December 16, 2024
ESET: RansomHub most active ransomware group in H2 2024
The antimalware vendor says law enforcement operations against the LockBit ransomware gang were successful, but a new prolific group has emerged in its place.
- December 13, 2024
Risk & Repeat: Attacks ramp up on Cleo MFT software
Earlier this week, threat actors began exploiting a zero-day vulnerability in Cleo's managed file transfer products, but the details of the flaw remain unclear.
- December 12, 2024
Cleo patches file transfer zero-day flaw under attack
Cleo published a patch for its Harmony, VLTrader and LexiCom managed file transfer products, which addresses a 'critical vulnerability' that's separate from CVE-2024-50623.
- December 12, 2024
Aqua Security warns of significant risks in Prometheus stack
The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool.
- December 10, 2024
Citrix NetScaler devices targeted in brute force campaign
Citrix advised NetScaler customers to ensure that their devices are fully updated and properly configured to defend against the recent spike in brute force attacks.
- December 10, 2024
Microsoft enhanced Recall security, but will it be enough?
Microsoft's controversial Recall feature began rolling out to certain Windows Insiders with Copilot+ PCs in November, with more expected to participate this month.
- December 09, 2024
Attackers exploit vulnerability in Cleo file transfer software
Cleo disclosed and patched the remote code execution vulnerability in late October, but managed file transfer products have proved to be popular targets for threat actors.
- December 06, 2024
Ultralytics YOLO AI model compromised in supply chain attack
While Ultralytics has not released an official security advisory, the company pulled two recent versions of its YOLO11 AI model after reports said they contained a cryptominer.
- December 05, 2024
Police bust cybercrime marketplace, phishing network
As part of Europol's announcement of the cybercriminal marketplace's disruption, the agency included an image of a takedown notice referencing the 'Manson Market.'
- December 04, 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'
As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect.
- December 04, 2024
FOSS security concerns increase amid widespread adoption
A new report from the Linux Foundation, OpenSSF and Harvard University calls for transparency and standardization to address growing security risks in open source software.
- December 03, 2024
Ransomware attacks on critical sectors ramped up in November
Supply chain software vendor Blue Yonder and energy management giant Schneider Electric SE experienced some of the most notable ransomware incidents in November.
- December 02, 2024
AWS launches automated service for incident response
AWS Security Incident Response, which launched ahead of the re:Invent 2024 conference this week, can automatically triage and remediate events detected in Amazon GuardDuty.
- November 26, 2024
New York fines Geico, Travelers $11.3M over data breaches
The two insurance giants were fined millions by New York state regulators and are required to enhance security protocols around authentication and penetration testing.
- November 26, 2024
Russian hackers exploit Firefox, Windows zero-days in wild
RomCom threat actors chain two Firefox and Windows zero-day vulnerabilities together in order to execute arbitrary code in vulnerable Mozilla browsers.
- November 26, 2024
AWS CISO details automated cybersecurity tools for customers
Chris Betz, CISO at AWS, discusses how three internal tools are designed to automatically identify and mitigate threats for the cloud giant's customers.
- November 22, 2024
Volexity details Russia's novel 'Nearest Neighbor Attack'
The security company warned that the new attack style highlights the importance of securing Wi-Fi networks, implementing MFA and patching known vulnerabilities.
- November 21, 2024
Cyber insurers address ransom reimbursement policy concerns
In a recent op-ed for The Financial Times, U.S. Deputy National Security Advisor Anne Neuberger wrote that reimbursing ransom payments is a 'troubling practice that must end.'
- November 21, 2024
DOJ charges 5 alleged Scattered Spider members
The defendants, charged for conducting alleged phishing scams across the U.S., are suspected members of a prolific threat group responsible for last year's casino attacks.
- November 20, 2024
Risk & Repeat: China hacks major telecom companies
The FBI and CISA confirmed reports that Salt Typhoon breached several major telecom companies and accessed data related to law enforcement requests.
- November 20, 2024
Apple warns 2 macOS zero-day vulnerabilities under attack
The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape.
- November 19, 2024
Microsoft to offer hackers millions in Zero Day Quest event
Microsoft launched Zero Day Quest on Tuesday with a preliminary event offering bug bounty researchers rewards with multipliers for select security scenarios.
- November 19, 2024
2 Palo Alto Networks zero-day vulnerabilities under attack
CVE-2024-9474 marks the second zero-day vulnerability in Palo Alto Networks' PAN-OS firewall management interface to come under attack in the last week.
- November 18, 2024
Chinese APT exploited unpatched Fortinet zero-day flaw
Volexity reported that a Chinese APT actor exploited a zero-day vulnerability in Fortinet's Windows VPN FortiClient software that enables credentials to be stolen from a system.
- November 15, 2024
MFA required for AWS Organizations member accounts in 2025
AWS is one of several cloud providers that will implement MFA requirements over the next year, with other relevant names including Google Cloud and Microsoft Azure.
- November 15, 2024
Palo Alto Networks PAN-OS management interfaces under attack
Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week.
- November 14, 2024
Infoblox: 800,000 domains vulnerable to hijacking attack
While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive.
- November 14, 2024
CISA, FBI confirm China breached telecommunication providers
The government agencies confirmed Wall Street Journal reports that China-backed threat actors breached telecommunication providers and accessed data for law enforcement requests.
- November 13, 2024
Most widely exploited vulnerabilities in 2023 were zero days
While zero-day exploitation surged throughout 2023, CISA said threat actors continue to exploit known vulnerabilities that were disclosed and patched as far back as 2017.
- November 12, 2024
Amazon employee data leaked from MoveIt Transfer attack
Although Amazon confirms that employee data was leaked, it stresses that data was stolen via a third-party vendor and that only contact information was obtained.
- November 07, 2024
Ransomware attacks caused prolonged disruptions in October
The RansomHub, Rhysida and Interlock ransomware gangs claimed responsibility for attacks that knocked victims' services offline, sometimes for several weeks.
- November 06, 2024
CISA on 2024 election security: 'Good news' for democracy
CISA Director Jen Easterly says that despite disruptions including bomb threats in multiple states, Election Day 2024 was a success story from a security standpoint.
- November 05, 2024
Canadian authorities arrest alleged Snowflake hacker
Alexander Moucka was arrested last week and is expected to appear in court Tuesday for allegedly breaching dozens of Snowflake customers.
- November 05, 2024
Google Cloud to roll out mandatory MFA for all users
Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft.
- November 04, 2024
CISA: U.S. election disinformation peddled at massive scale
CISA said the U.S. cybersecurity agency has seen small-scale election incidents 'resulting in no significant impacts to election infrastructure,' such as low-level DDoS attacks.
- October 31, 2024
China-based APTs waged 5-year campaign on Sophos firewalls
For years, several advanced persistent threat groups tied to the Chinese government targeted Sophos firewall products with custom malware and zero-day exploits.