Remote access tools most frequently targeted as ransomware entry points
Dive Brief: Remote access tools were the initial entry point in eight of every 10 ransomware attacks in 2024, according to a report released Thursday by…
Category: CyberSecurityDive
Fortinet warns of threat activity against older vulnerabilities
Dive Brief: Fortinet detailed new exploitation activity against known critical vulnerabilities in FortiGate devices, including CVE-2022-42475, CVE-2023-27997 and CVE-2024-21762, in a Thursday blog post.. Fortinet said that…
CIOs worry about cyber threats, tech talent
Dive Brief: Cybersecurity threats emerged as tech executives’ top challenge and area for investment, according to a report published Tuesday by IT resources and managed…
Sensata Technologies’ operations disrupted by ransomware attack
Sensata Technologies was struck by a ransomware attack earlier this week that disrupted several of the company’s operations, according to a regulatory filing. Sensata disclosed…
Plankey nomination at CISA placed on hold after Wyden pushes for telecom report
Sen. Ron Wyden has placed the nomination of Sean Plankey as director of the Cybersecurity and Infrastructure Security Agency on hold, citing the refusal to…
Treasury Department bank regulator discloses major hack
Attackers gained access to emails containing sensitive government data related to financial institutions in a cyberattack on the Department of the Treasury’s Office of the…
Windows CLFS zero-day exploited in ransomware attacks
Dive Brief: Attackers are exploiting a zero-day vulnerability in the Windows Common Log File System to deploy ransomware against various targets, including information technology and…
How AI Agents can help AppSec teams keep up with AI-generated code vulnerabilities
While AppSec teams are stuck with legacy scanners and backlogs, developers and hackers have adopted AI tools to accelerate their respective objectives. Developers are deploying…
WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw
WK Kellogg Co. confirmed that at least one employee was affected in a December hack related to a vulnerability in Cleo file-transfer software, according to…
Over 5K Ivanti VPNs vulnerable to critical bug under attack
Dive Brief: The Shadowserver Foundation found 5,113 Ivanti VPN instances that are vulnerable to CVE-2025-22457, a critical stack-based buffer overflow flaw that affects Ivanti Connect…
Trump administration under scrutiny as it puts major round of CISA cuts on the table
The Trump administration is facing renewed scrutiny from Congress and other officials following reports that massive job cuts are coming to the Cybersecurity and Infrastructure…
CISA adds Ivanti Connect Secure vulnerability to KEV catalog
Dive Brief: CISA on Friday added CVE-2025-22457, a critical stack-based buffer-overflow flaw that affects several Ivanti products, to the agency’s known exploited vulnerabilities catalog. Ivanti…