Former CISA Head Slams Trump Admin Over 'Loyalty Mandate'

Wednesday, April 30, 2025
Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the president's "mandate for loyalty" during a panel at RSAC 2025.

TheWizards APT Casts a Spell on Asian Gamblers With Novel Attack

A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications.

NVIDIA's AI Security Offering Protects From Software Landmines

NVIDIA's DOCA Argus prevents attacks before they compromise AI architectures.

Many Fuel Tank Monitoring Systems Vulnerable to Disruption

Tuesday, April 29, 2025
Thousands of automatic tank gauge (ATG) devices are accessible over the Internet and are just "a packet away" from compromise, security researcher warns at 2025 RSAC Conference.

From Mission-Centric to People-Centric: Competitive Leadership in Cyber

Making a case for empathy in cyber-leadership roles as a strategic business advantage.

Hacking in Space: Not as Tough as You Might Think

Barbara Grofe, space asset security architect at Spartan Corp, discussed the realities of hacking in space, and the outlook is not pie-in-the-sky.

Risks of Using AI Models Developed by Competing Nations

The current offline/open source model boom is unstoppable. Its impact depends on how well the risks are managed today.

Windows Backdoor Targets Members of Exiled Uyghur Community

A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China's continued cyber-espionage activity against the ethnic minority.

Vulnerability Exploitation Is Shifting in 2024-25

The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.

SAP NetWeaver Visual Composer Flaw Under Active Exploitation

Monday, April 28, 2025
CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

AI, Automation, and Dark Web Fuel Evolving Threat Landscape

Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.

Forget the Stack; Focus on Control

Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.

DoJ Data Security Program Highlights Data Sharing Challenges

The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.

Digital Twins Bring Simulated Security to the Real World

Friday, April 25, 2025
By simulating business environments or running software, while incorporating real-time data from production systems, companies can model the impact of software updates, exploits, or disruptions.

'SessionShark' ToolKit Evades Microsoft Office 365 MFA

Thursday, April 24, 2025
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.

Max-Severity Commvault Bug Alarms Researchers

Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.

NFC-Powered Android Malware Enables Instant Cash-Outs

Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly.

FBI: Cybercrime Losses Rocket to $16.6B in 2024

The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report.

North Korean Operatives Use Deepfakes in IT Job Interviews

Wednesday, April 23, 2025
Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.

Japan Warns on Unauthorized Stock Trading via Stolen Credentials

Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they've been hacked.

Kubernetes Pods Are Inheriting Too Many Permissions

Scalable, effective — and best of all, free — securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.

Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558

Tuesday, April 22, 2025
The tech giant is boosting Entra ID and MSA security as part of the wide-ranging Secure Future Initiative (SFI) that the company launched following a Chinese APT's breach of its Exchange Online environment in 2023.

3 More Healthcare Orgs Hit by Ransomware Attacks

Dialysis firm DaVita, Wisconsin-based Bell Ambulance, and Alabama Ophthalmology Associates all suffered apparent or confirmed ransomware attacks this month.

'Cookie Bite' Entra ID Attack Exposes Microsoft 365

A proof-of-concept (PoC) attack vector exploits two Azure authentication tokens from within a browser, giving threat actors persistent access to key cloud services, including Microsoft 365 applications.

'Elusive Comet' Attackers Use Zoom to Swindle Victims

Monday, April 21, 2025
The threat actor uses sophisticated social engineering techniques to infect a victim's device, either with an infostealer or remote access Trojan (RAT).

Nation-State Threats Put SMBs in Their Sights

Cyberthreat groups increasingly see small and medium-sized businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.

Can Cybersecurity Weather the Current Economic Chaos?

Cybersecurity firms tend to be more software- and service-oriented than their peers, and threats tend to increase during a downturn, leaving analysts hopeful that the industry will buck a recession.

Nation-State Threats Put SMBs in Their Sights

Cyberthreat groups increasingly see small and medium businesses, especially those with links to larger businesses, as the weak link in the supply chain for software and IT services.

ASUS Urges Users to Patch AiCloud Router Vuln Immediately

The vulnerability is only found in the vendor's router series and can be triggered by an attacker using a crafted request — all of which helps make it a highly critical vulnerability with a 9.2 CVSS score.

The Global AI Race: Balancing Innovation and Security

The AI security race is on — and it will be won where defenders come together with developers and researchers to do things right.

Organizations Fix Less Than Half of All Exploitable Vulnerabilities, With Just 21% of GenAI App Flaws Resolved

Friday, April 18, 2025

Attackers and Defenders Lean on AI in Identity Fraud Battle

Identity verification, insurance claims, and financial services are all seeing surges in AI-enabled fraud, but organizations are taking advantage of AI systems to fight fire with fire.

Chinese APT Mustang Panda Debuts 4 New Attack Tools

The notorious nation-state-backed threat actor has added two new keyloggers, a lateral movement tool, and an endpoint detection and response (EDR) evasion driver to its arsenal.

If Boards Don't Fix OT Security, Regulators Will

Around the world, governments are setting higher-bar regulations with clear corporate accountability for breaches on the belief organizations won't drive up security maturity for operational technology unless they're made to.

PromptArmor Launches to Help Assess, Monitor Third-Party AI Risks

The AI security startup has already made waves with critical vulnerability discoveries and seeks to address emerging AI concerns with its PromptArmor platform.

Android Phones Pre-Downloaded With Malware Target User Crypto Wallets

Thursday, April 17, 2025
The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users' wallet addresses with their own.

GPS Spoofing Attacks Spike in Middle East, Southeast Asia

Wednesday, April 16, 2025
An Indian disaster-relief flight delivering aid is the latest air-traffic incident, as attacks increase in the Middle East and Myanmar and along the India-Pakistan border.

China-Linked Hackers Lay Brickstorm Backdoors on Euro Networks

Researchers discovered new variants of the malware, which is tied to a China-nexus threat group, targeting Windows environments of critical infrastructure networks in Europe.

Ransomware Gang 'CrazyHunter' Targets Critical Taiwanese Orgs

Trend Micro researchers detailed an emerging ransomware campaign by a new group known as "CrazyHunter" that is targeting critical sectors in Taiwan.

AI-Powered Presentation Tool Leveraged in Phishing Attacks

Tuesday, April 15, 2025
Researchers at Abnormal Security said threat actors are using a legitimate presentation and graphic design tool named "Gamma" in phishing attacks.

Hertz Falls Victim to Cleo Zero-Day Attacks

Customer data such as birth dates, credit card numbers and driver's license information were stolen when threat actors exploited zero-day vulnerabilities in Cleo-managed file transfer products.

Are We Prioritizing the Wrong Security Metrics?

True security isn't about meeting deadlines — it's about mitigating risk in a way that aligns with business objectives while protecting against real-world threats.

Threat Intel Firm Offers Crypto in Exchange for Dark Web Accounts

Monday, April 14, 2025
Prodaft is currently buying accounts from five Dark Web forums and offers to pay extra for administrator or moderator accounts. The idea is to infiltrate forums to boost its threat intelligence.

Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution

A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation.

A New 'It RAT': Stealthy 'Resolver' Malware Burrows In

A new infostealer on the market is making big waves globally, replacing Lumma et al. in attacks and employing so many stealth, persistence, and anti-analysis tricks that it's downright difficult to count them all.

7 RSAC 2025 Cloud Security Sessions You Don't Want to Miss

Some of the brightest minds in the industry will discuss how to strengthen cloud security.

How DigitalOcean Moved Away From Manual Identity Management

DigitalOcean executives describe how they automated and streamlined many of the identity and access management functions which had been previously handled manually.

Morocco Investigates Social Security Agency Data Leak

Sunday, April 13, 2025
A threat actor has claimed responsibility for the alleged politically motivated attack and has uploaded the stolen data to a Dark Web forum.

Pall Mall Process Progresses but Leads to More Questions

Friday, April 11, 2025
Nations continue to sign the Code of Practice for States in an effort to curb commercial spyware, yet implementation and enforcement concerns have yet to be figured out.

Paper Werewolf Threat Actor Targets Flash Drives With New Malware

The threat actor, also known as Goffee, has been active since at least 2022 and has changed its tactics and techniques over the years while targeting Russian organizations.

Financial Fraud, With a Third-Party Twist, Dominates Cyber Claims

The most damaging attacks continue to be ransomware, but financial fraud claims are more numerous — and both are driven by increasing third-party breaches.

What Should the US Do About Salt Typhoon?

Thursday, April 10, 2025
Security experts weigh in on the problem Salt Typhoon and its hacking of telecoms poses against the United States, including what the US should do and how defenders can protect themselves.

Open Source Poisoned Patches Infect Local Software

Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs.

CrushFTP Exploitation Continues Amid Disclosure Dispute

Wednesday, April 9, 2025
Attacks on a critical authentication bypass flaw in CrushFTP's file transfer product continue this week after duplicate CVEs sparked confusion.

Tariffs May Prompt Increase in Global Cyberattacks

Cybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.

Oracle Appears to Admit Breach of 2 'Obsolete' Servers

The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.

China-Linked Hackers Continue Harassing Ethnic Groups With Spyware

Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority.

Aurascape Brings Visibility, Security Controls to Manage AI Applications

New cybersecurity startup Aurascape emerged from stealth today with an AI-native security platform to automate security policies for AI applications.

Microsoft Drops Another Massive Patch Update

Tuesday, April 8, 2025
A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries.

UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare

Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI's ability to supercharge attacks.

2 Android Zero-Day Bugs Under Active Exploit

Neither security issue requires user interaction; and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.

Palo Alto Networks Begins Unified Security Rollout

Cortex Cloud integrates Prisma Cloud with CDR to provide a consolidated security posture management and real-time threat detection and remediation.

ToddyCat APT Targets ESET Bug to Load Silent Malware

Monday, April 7, 2025
Researchers found the threat actor attempting to use the now-patched flaw to load and execute a malicious dynamic link library on infected systems.

NIST to Implement 'Deferred' Status to Dated Vulnerabilities

The changes will go into effect over the next several days to reflect which CVEs are being prioritized in the National Vulnerability Database (NVD).

Scattered Spider's 'King Bob' Pleads Guilty to Cyber Charges

The 20-year-old was arrested in January 2024 alongside four other group members who carried out related cybercriminal acts, earning them similar charges.

Autonomous, GenAI-Driven Attacker Platform Enters the Chat

"Xanthorox AI" provides a modular GenAI platform for offensive cyberattacks, which supplies a model-agnostic, one-stop shop for developing a range of cybercriminal operations.

Intergenerational Mentoring: Key to Cybersecurity's AI Future

As threats evolve and technology changes, our ability to work together across generations will determine our success.

CISA Warns: Old DNS Trick 'Fast Flux' Is Still Thriving

Friday, April 4, 2025
An old DNS switcheroo technique is still helping attackers keep their infrastructure alive. But is it really a pressing issue in 2025?

Minnesota Tribe Struggles After Ransomware Attack

Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care.

Disclosure Drama Clouds CrushFTP Vulnerability Exploitation

Thursday, April 3, 2025
CrushFTP CEO Ben Spink slammed several cybersecurity companies for creating confusion around a critical authentication bypass flaw that's currently under attack.

Counterfeit Phones Carrying Hidden Revamped Triada Malware

The malware, first discovered in 2016, has been updated over the years, and the latest version is now hiding in the firmware of counterfeit mobile phones.

Runtime Ventures Launches New Fund for Seed, Pre-Seed Startups

Co-founders Michael Sutton and David Endler raised $32 million to invest in early stage cybersecurity startups as well as to provide mentoring support.

New PCI DSS Rules Say Merchants on Hook for Compliance, Not Providers

Merchants and retailers will now face penalties for not being compliant with PCI DSS 4.0.1, and the increased security standards make it clear they cannot transfer compliance responsibility to third-party service providers.

Israel Enters 'Stage 3' of Cyber Wars With Iran Proxies

Wednesday, April 2, 2025
While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication.

DPRK 'IT Workers' Pivot to Europe for Employment Scams

By using fake references and building connections with recruiters, some North Korean nationals are landing six-figure jobs that replenish DPRK coffers.

In Salt Typhoon's Wake, Congress Mulls Potential Options

While the House Committee on Government Reform was looking for retaliatory options, cybersecurity experts pointed them toward building better defenses.

Surge in Scans on PAN GlobalProtect VPNs Hints at Attacks

Tuesday, April 1, 2025
Over the past few weeks, bad actors from different regions have been scanning devices with the VPN for potential vulnerabilities.

As CISA Downsizes, Where Can Enterprises Get Support?

In this roundtable, cybersecurity experts — including two former CISA executives — weigh in on alternate sources for threat intel, incident response, and other essential cybersecurity services.

Japan Bolsters Cybersecurity Safeguards With Cyber Defense Bill

The bill will allow Japan to implement safeguards and strategies that have been in use by other countries for some time.

Check Point Disputes Hacker's Breach Claims

The security vendor counters that none of the information came directly from its systems but rather was acquired over a period of time by targeting individuals.