Cybersecurity News Hero

Combing the world for the cybersecurity stories you need to know.

Cybersecurity News
Faucet 1684902 1280
The Hidden Cyber Threats Endangering U.S. Drinking Water Systems
December 13, 2024
In January of 2024, several water and wastewater plants in Texas were targeted by hackers, later linked to a Russian group, who gained access to certain supervisory control and data acquisition (SCADA) systems. Fortunately, consequences…
Read More >
Code 820275 1280
New Report Warns of AppSec Fatigue and AI Overconfidence Threatening Open Source Software Security
December 12, 2024
The 2024 State of Open Source Security report reveals a troubling new trend: “AppSec fatigue,” where open source development teams are increasingly overwhelmed by the high volume of security vulnerabilities they must address to develop…
Read More >
Jet 2736962 1280
The Dream Job Scam: Iranian Hackers Target Aerospace Sector with Sophisticated Cyber Espionage
December 11, 2024
The promise of a dream job is a powerful lure. For employees in the aerospace and defense industries, it’s also become a dangerous one. An advanced cyber-espionage campaign, dubbed the Iranian "Dream Job" scam, has…
Read More >
Operation Lunar Peak Palo Alto Networks
Operation Lunar Peek: A New Cyber Threat Targets Vulnerable PAN-OS Systems
December 04, 2024
An emerging cyberattack campaign has been identified and dubbed “Operation Lunar Peek,” affecting Palo Alto Networks’ PAN-OS software. Exploiting two critical PAN-OS vulnerabilities, the campaign has already had a significant impact, compromising over 2,000 devices…
Read More >
identity fraud deepfake artificial intelligence
AI's Role in the Evolution of Identity Fraud
December 03, 2024
Identity fraud has entered a new era thanks to the rise of artificial. Once a manual, labor-intensive endeavor, identity fraud has evolved into a sophisticated, AI-enabled industry. According to the 2025 Identity Fraud Report, digital…
Read More >
holiday scams
Holiday Scams on the Rise: How Cybercriminals Exploit the Season of Giving
December 02, 2024
The holiday season is always a time of heavy activity for cybercriminals, as they take advantage of the heightened emotions, increased shopping and travel activity, and busy preparations to create ripe targets for attacks. Many…
Read More >
email fraud cyber insurance
The Rising Threat of Email Fraud: How Businesses Can Stay Ahead of Cybercriminals
November 29, 2024
It's 4:48 pm on the Friday before a long weekend, and you have just received an email from the CEO requesting immediate payment or an important deal will fall through. This could be genuine, but…
Read More >
CISA Jen Easterly
Leadership Shift Imminent at CISA
November 26, 2024
A Cybersecurity and Infrastructure Agency (CISA) spokesperson recently announced that all appointees of the Biden-Harris administration will vacate their positions by inauguration day. As the U.S. begins to prepare for the official presidential transition, CISA…
Read More >
security debt application security financial
Mounting Security Debt Is Putting Financial Services at Risk
November 22, 2024
Many financial institutions have a debt problem. Not a monetarily but a software security one. Veracode’s State of Software Security 2024 study reports that over three out of four (76%) financial organizations have security debt,…
Read More >
FIDO Alliance passkeys passwords
From Frustration to Security: How Passkeys Are Transforming the Way We Log In
November 21, 2024
Passwords have been a cornerstone of digital authentication for decades, but their flaws are becoming increasingly apparent. According to the FIDO Alliance's latest report, "password pain" has led 42% of consumers to abandon purchases due…
Read More >
Traceable API security report
Rethinking API Security: Generative AI, Bots, and the Need for New Defenses
November 20, 2024
API vulnerabilities–and their potential impact on a company’s cybersecurity defenses–are a real and growing concern. Traceable recently released its second annual research report, the 2025 Global State of API Security, and found that most organizations…
Read More >
Remcos RAT trap Fortinet
The Remcos RAT Trap: How Phishing Campaigns Are Exploiting Old Vulnerabilities for Remote Control
November 19, 2024
The manipulation of remote administration tools (RATs) for cyberattacks is on the rise, with bad actors evading security measures to exploit known vulnerabilities. The dangers here are many, as leveraging RATs grants attackers high levels…
Read More >
RaaS ransomware-as-a-service
RaaS Revolution: How Ransomware-as-a-Service is Escalating the Corporate Cybersecurity Arms Race
November 18, 2024
Ransomware has evolved from isolated, opportunistic attacks into a sprawling, professionalized industry. Today, cybercriminals have access to Ransomware-as-a-Service (RaaS) platforms that provide powerful tools and infrastructure, making it possible for even novice attackers to launch…
Read More >
human-operated attacks ransomware
Microsoft Report Finds Human-Operated Attacks and Unmanaged Devices Are Leading to More Cyberattacks
November 14, 2024
The newly released Microsoft Digital Defense Report 2024 provides in-depth analysis and insights into the latest trends in cybersecurity. This report is crucial for any organization looking to stay informed about the latest threats and…
Read More >
Lumma Stealer CAPTCHA phishing
Tricked By a CAPTCHA: How Cybercriminals are Using Fake Verifications to Steal Sensitive Data
November 12, 2024
One of the most ubiquitous security measures on the internet, CAPTCHA is not generally seen as a potential threat vector, but bad actors can leverage fake CAPTCHA pages to harvest sensitive information from their targets.…
Read More >
Latrodectus phishing malware
Latrodectus Malware: The Stealth Phishing Threat to Critical Sectors
November 11, 2024
Latrodectus is a relatively new and sophisticated type of malware. Its name comes from the Latrodectus genus of spiders, which includes the infamous black widow. Latrodectus is well-named since it reflects the malware’s stealthy and…
Read More >
cybersecurity training CybSafe
The Overconfidence Trap: How Skipped Cybersecurity Training is Leaving Businesses Exposed
November 08, 2024
Cybersecurity training access has increased for the first time in four years, yet a quarter of employees still skip it entirely—often due to overconfidence, according to a new global study. The findings come from CybSafe's…
Read More >
Extrahop data breaches
Data Breaches Are More Costly Than We Thought—And Companies May Be Ill-Prepared
November 07, 2024
How much do data breaches really cost organizations? Are companies truly prepared to absorb the full extent of the costs associated with a data breach? New research from ExtraHop argues companies are not. The true…
Read More >
Subscribe for the Latest News
Webinars
5 SIEM Migration Myths Debunked: Why You Should Move to a Cloud-Native, AI-Driven SOC
Register Now
Securing the AI Frontier: Defending the Enterprise Ecosystem with Prisma AIRS
Register Now
When Your Cloud Directory Goes Dark: Recovering Entra ID After a Cyberattack
Register Now