Critical Infrastructure SecurityCritical bugs in Siemens, Schneider Electric gear top CISA advisorySteve ZurierApril 23, 2025CISA cites 16 CVEs impacting industrial systems in ICS advisory, four critical.
RansomwareFinancial malware on the rise as espionage attacks declineShaun NicholsApril 23, 2025Threat actors are getting more work from the private sector than from government sponsored agencies.
Cloud SecurityGoogle fixes Cloud Composer privilege escalation vulnerabilityLaura FrenchApril 22, 2025Tenable researchers say “ConfusedComposer” highlights how attackers can exploit cloud service permissions.
Security Strategy, Plan, BudgetTwo senior officials resign from federal cybersecurity office, CISASteve ZurierApril 22, 2025Continued brain drain includes two of the experts who managed CISA’s Secure by Design program.
IdentityMicrosoft reports improvement in Secure By Design for products, servicesShaun NicholsApril 21, 2025Microsoft said it's making strides in guarding its own systems against external threat actors.
RansomwareFog ransomware notes troll with DOGE references, bait insider attacksLaura FrenchApril 21, 2025Recent Fog samples are spread through phishing emails referencing pay adjustments.
RansomwareBulletproof hosting provider Proton66 steps-up malware campaignsSteve ZurierApril 21, 2025Researchers advise security teams to block sources of bulletproof hosting.
RSACBruce Schneier tackles AI hype, NSA surveillance, and cyber ‘rage fatigue’Tom Spring April 21, 2025Bruce Schneier on security theater, AI snake oil, and the limits of cryptographic morality.
Vulnerability ManagementAlarms sound over attacks via Microsoft NTLM vulnerabilityShaun NicholsApril 18, 2025Attacks targeting government and contractor companies in Poland and Romania via NTLM exploit.
Data SecurityHHS fines Guam hospital over ransomware attack, HIPAA violationsLaura FrenchApril 18, 2025A ransomware attack and incident involving former employees led to potential HIPAA violations.
