The financially-motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.

The agency’s declaratory ruling took effect Thursday, but the future outlook of that effort and a separate proposed rule remain uncertain under the incoming administration.

Outgoing CISA Director Jen Easterly didn’t say what agencies were impacted by Salt Typhoon or when, but noted it provided greater visibility into the active campaign.

Released in the administration's final days, the highly-anticipated order follows a series of sophisticated attacks against federal agencies and critical infrastructure providers.

A report from Allianz shows the global disruption caused by CrowdStrike’s IT mishap added to longtime concerns about data breaches and ransomware.

Ransomware remains the top cyber risk concern among executives, but CISOs are almost twice as likely as CEOs to make that determination.

The federal agency said the number of critical infrastructure organizations enrolled in its vulnerability scanning program nearly doubled since 2022.

Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’ specific roles in the attacks.

Threat hunters are on high alert as 900 Ivanti Connect Secure instances remain unpatched and vulnerable to exploitation, according to Shadowserver.

Despite an increase in cyber incidents, breaches had less impact on consumer trust in 2024, a Vercara survey found.

Discover the dual impact of AI in cybersecurity: enhancing efficiency and compliance while opening new risk avenues.

State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and restoration efforts are underway.

Jen Easterly said companies need to consider cybersecurity threats as core risks that need to be fully incorporated into corporate business strategy.

Two in five executives view data breaches and leaks as the most financially burdensome man-made threats, a Chubb study found.

The cloud-based K-12 software provider confirmed a compromised credential was used to access its PowerSource customer support portal.

Critical industries are up against never before seen challenges to remain secure and operational, while regulatory pressures have completely upended the role of the CISO in corporate America.

The latest attacks come one year after a threat group exploited a pair of zero-days in the same Ivanti product.

Harry Coker Jr. said China and other adversaries cannot be allowed free reign to conduct malicious cyber activities. 

Total funding was up 9% year over year to $9.5 billion. More than half of all dollars raised went to late-stage rounds, Pinpoint Search Group said.

The White House is also working on an executive order to limit federal purchasing of connected products that meet the minimum security standards under the program.

Two of the largest telecom providers in the U.S. said the China-government sponsored threat group is no longer embedded in their networks.

BeyondTrust says an investigation of a December attack spree is nearing completion and SaaS instances are fully patched. Hackers used a stolen key to attack Treasury workstations.

Experts say MLOps will bridge the gap between development and operations, creating room for the inclusion of security and privacy practices, too.

A Beijing-based cybersecurity company, Integrity Technology Group Inc., is linked to years of exploitation activity targeting U.S. critical infrastructure.

With issues such as cryptocurrency and climate change facing the next SEC chair, it’s unclear whether rolling back cybersecurity rules will be high on the priority list.