Critical Apache Tomcat RCE vulnerability exploited
Dive Brief: Researchers from GreyNoise on Thursday reported active exploitation of CVE-2025-24813, a critical remote code execution vulnerability in Apache Tomcat...
Read more →Category: CyberSecurityDive
How ASPM gives you control over complex architectures
As organizations embrace more dynamic and complex application architectures—such as microservices, hybrid cloud infrastructures, and rapid CI/CD pipelines—securing these environments...
Read more →
Coinbase originally targeted during GitHub Action supply chain attack
Dive Brief: The threat actors in the GitHub Action supply chain attack were targeting Coinbase as part of their initial...
Read more →
Medusa ransomware using malicious driver as EDR killer
A Medusa ransomware campaign is using a malicious driver to disrupt and even delete endpoint detection and response (EDR) products...
Read more →
Cisco Smart Licensing Utility flaws under attack
Dive Brief: Johannes Ullrich of the SANS Internet Storm Center reported exploitation attempts this week against two critical Cisco vulnerabilities...
Read more →
GitHub Action compromise linked to previously undisclosed attack
Dive Brief: The GitHub Action supply chain compromise that threatened the security of more than 23,000 repositories appears to be...
Read more →
11 nation-state groups exploit unpatched Microsoft zero-day
At least 11 state-sponsored threat groups since 2017 have been actively exploiting a Microsoft zero-day flaw allowing for abuse of...
Read more →
Google acquisition of Wiz driven by enterprise embrace of multicloud
After previously being left at the altar, Alphabet Inc. reached a deal Tuesday through its Google business to buy Wiz...
Read more →
CISA urges fired probationary workers to respond after federal judge grants order
Dive Brief: The Cybersecurity and Infrastructure Security Agency is reaching out to probationary workers who were terminated over the past...
Read more →
RansomHub using FakeUpdates scheme to attack government sector
RansomHub cyber threat actors have found a new way to deploy their ransomware, and they’re using it to target U.S. government...
Read more →
AI project failure rates are on the rise: report
Dive Brief: More enterprises reported AI project failures this year compared to 2024, according to analysis from S&P Global Market...
Read more →
Supply chain attack against GitHub Action triggers massive exposure of secrets
Security researchers are warning of a supply chain attack against tj-actions/changed-files GitHub Action, which is used in more than 23,000...
Read more →