Topic: incident response
-
ENISA to Lead €36m EU-Wide Cybersecurity Response Initiative
The EU has allocated €36 million to ENISA to coordinate a cybersecurity response initiative, enhancing collective resilience against large-scale cyber incidents across member states and partner nations. ENISA will manage the EU Cybersecurity Reserve, a virtual pool of private sector services, to ...
-
Semperis Unifies Identity Recovery for Faster Cyber Response
Semperis has launched Ready1 for Identity Crisis Management, a no-cost offering that integrates its identity recovery tools with a structured crisis management system to help businesses quickly resume operations after identity attacks. The platform provides automated features like a command-and-c...
-
Ready1 Restores Operations After Identity Breach Crisis
Semperis has launched Ready1, an integrated platform for managing identity crises by combining Active Directory Forest Recovery, Disaster Recovery for Entra Tenant, and Identity Forensics services to help organizations quickly restore operations after cyberattacks. The platform features automated...
-
Federal Agency Hacked Through GeoServer Vulnerability
A federal agency suffered a cybersecurity breach in July 2024 when attackers exploited a critical, unpatched vulnerability in a public-facing GeoServer, allowing them to deploy malicious tools and establish persistence. The attackers used the same vulnerability to breach a second server, moved la...
-
SolarWinds AI Agent Advances Autonomous Operations
SolarWinds has introduced an AI Agent and enhanced AI capabilities to help IT departments achieve autonomous operational resilience by predicting problems, automating responses, and reducing cognitive load on human operators. The AI Agent functions as a digital team member, supporting observabili...
-
Putting NICE Guidelines into Practice: Training Insights
SMBs can effectively train employees against cyber threats by focusing on a streamlined, scenario-based program derived from the NICE Framework, targeting the most common attacks like phishing, malware, and web-based threats. The training integrates technical skills with legal knowledge through r...
-
Remote Access Abuse: The #1 Sign of a Ransomware Attack
Abuse of remote access software and services is the most common warning sign of an impending ransomware attack, with criminals abusing legitimate tools such as RDP, AnyDesk, and PowerShell on their way to domain administrator privileges. Key defenses include configuring security tools to allow only trusted applicat...
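The warning signs named above (an unapproved remote-control binary, encoded PowerShell, RDP from an unexpected source, a new Domain Admins member) are easy to turn into a first-pass triage rule. The following is an added example, not code from the article or any vendor it mentions; the event schema, the tool allowlist, the jump-host address and the sample events are all constructed for the example.

```python
import json
from collections import defaultdict

# Remote-control tools worth watching; the article names AnyDesk, the rest are
# common RMM/remote-control binaries. Extend for your environment.
REMOTE_TOOLS = {"anydesk.exe", "teamviewer.exe", "screenconnect.exe",
                "atera.exe", "splashtop.exe", "rustdesk.exe"}
# Assumption: this organisation sanctions exactly one remote-control tool.
APPROVED_TOOLS = {"screenconnect.exe"}
# Assumption: interactive RDP is expected only from this jump host.
ALLOWED_RDP_SOURCES = {"10.0.5.10"}

# Constructed sample events (JSON lines, one Windows security event each).
SAMPLE_EVENTS = r"""
{"Computer": "WS01", "EventID": 4688, "NewProcessName": "C:\\Users\\bob\\Downloads\\AnyDesk.exe", "CommandLine": "AnyDesk.exe --silent"}
{"Computer": "WS01", "EventID": 4688, "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"}
{"Computer": "DC01", "EventID": 4624, "LogonType": 10, "IpAddress": "10.0.9.77", "TargetUserName": "svc-backup"}
{"Computer": "DC01", "EventID": 4728, "TargetUserName": "Domain Admins", "MemberName": "CN=svc-backup,OU=Service,DC=corp,DC=example"}
{"Computer": "JUMP01", "EventID": 4688, "NewProcessName": "C:\\Program Files\\ScreenConnect\\ScreenConnect.exe", "CommandLine": "ScreenConnect.exe"}
{"Computer": "DC01", "EventID": 4624, "LogonType": 10, "IpAddress": "10.0.5.10", "TargetUserName": "admin.jane"}
"""


def is_encoded_powershell(cmdline):
    """True if any argument is an abbreviation of -EncodedCommand (-e, -ec, -enc, ...).

    PowerShell accepts any unambiguous prefix of a parameter name, so matching
    the literal '-enc' alone misses '-e' and '-ec'; '-ExecutionPolicy' is not a
    prefix of '-EncodedCommand' and is correctly ignored.
    """
    for tok in cmdline.lower().split():
        if tok.startswith("-e") and "-encodedcommand".startswith(tok):
            return True
    return False


def classify(event):
    """Map one event to (severity, reason), or None if it is uninteresting."""
    eid = event.get("EventID")
    if eid == 4688:  # process creation
        proc = event.get("NewProcessName", "").rsplit("\\", 1)[-1].lower()
        if proc in REMOTE_TOOLS and proc not in APPROVED_TOOLS:
            return ("high", f"unapproved remote access tool {proc}")
        if proc == "powershell.exe" and is_encoded_powershell(event.get("CommandLine", "")):
            return ("medium", "encoded PowerShell command")
    elif eid == 4624 and event.get("LogonType") == 10:  # RemoteInteractive, i.e. RDP
        src = event.get("IpAddress", "")
        if src not in ALLOWED_RDP_SOURCES:
            return ("medium", f"RDP logon from unexpected source {src}")
    elif eid == 4728 and event.get("TargetUserName", "").lower() == "domain admins":
        # 4728: member added to a security-enabled global group
        return ("high", f"{event.get('MemberName')} added to Domain Admins")
    return None


def triage(json_lines):
    """Group findings per host: {host: [(severity, reason), ...]}."""
    findings = defaultdict(list)
    for line in json_lines.strip().splitlines():
        event = json.loads(line)
        hit = classify(event)
        if hit:
            findings[event["Computer"]].append(hit)
    return dict(findings)


def hosts_at_risk(findings):
    """Hosts with any high-severity finding, or two or more findings of any severity."""
    return sorted(host for host, hits in findings.items()
                  if any(sev == "high" for sev, _ in hits) or len(hits) >= 2)


if __name__ == "__main__":
    found = triage(SAMPLE_EVENTS)
    for host in hosts_at_risk(found):
        print(host)
        for sev, reason in found[host]:
            print(f"  [{sev}] {reason}")
```

On the sample, WS01 (unapproved AnyDesk plus encoded PowerShell) and DC01 (RDP from a non-jump-host address followed by a Domain Admins addition) are flagged; the sanctioned ScreenConnect launch on JUMP01 and the RDP logon from the jump host are not. In production the allowlist and jump-host set are the part that needs maintaining; the classification logic itself rarely changes.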
-
Hackers Breach Federal Agency via GeoServer Flaw, CISA Warns
A critical vulnerability (CVE-2024-36401) in GeoServer was exploited to breach a U.S. federal agency's network after attackers compromised an unpatched server. The attackers moved laterally from the initial entry point, deploying malicious tools like China Chopper and using brute force attacks to...
-
Hiring Now: Top Cybersecurity Jobs in September 2025
A wide range of top cybersecurity roles are available globally in September 2025, reflecting high demand for experts in protecting digital assets across various industries and work arrangements. Key positions include specialized roles such as Application Security Architect, Chief Information Secu...
-
Urgent: Change Your Plex Password Now
Plex has experienced a security breach where an unauthorized party accessed customer data, including email addresses, usernames, and securely hashed passwords. The company has addressed the vulnerability and recommends users immediately reset their passwords and enable two-factor authentication f...
-
Hiring Now: Top Cybersecurity Jobs for September 2025
The cybersecurity job market is expanding rapidly due to increasing cyber threats, with high demand for specialized roles across various sectors and countries. Key positions include Chief Information Security Officers (CISOs) who develop security strategies and manage risk, and other roles like C...
-
Secure Your Google Workspace: Protect Data, Not Just Access
Modern digital workplaces face security challenges from interconnected tools, where attackers exploit legitimate access tokens rather than breaching traditional perimeters. Recent incidents, like the Drift Email compromise, show that third-party integrations can bypass robust security frameworks,...
-
Akira Ransomware Hijacks Victim's Remote Management Tool
Hackers used the trusted Datto RMM tool and a Living Off The Land strategy to deploy Akira ransomware, disguising their actions as normal IT operations to avoid detection. The attack was halted by Barracuda Managed XDR, which detected the encryption activity and immediately isolated the compromis...
-
Flowmon ADS 12.5: Effortless Threat Detection Made Simple
Progress Software has launched Flowmon ADS 12.5, an AI-powered anomaly detection system designed to simplify threat identification and provide enhanced network visibility for organizations. The solution addresses challenges like alert fatigue and resource constraints, especially for midsize busin...
-
SonicWall Urges Password Reset Following Security Breach
SonicWall has advised customers to reset passwords after detecting unauthorized access to firewall configuration backup files in some MySonicWall accounts, which contain sensitive data like credentials and tokens. The company confirmed this was not a ransomware attack but a series of targeted bru...
-
3 Must-Haves to Survive a Cyberattack
Swift and effective response to a cyberattack depends on having clarity, control, and a reliable lifeline already in place. Clarity involves real-time detection and understanding of the incident's scope, enabling informed decisions to isolate and manage threats. Control means the ability to conta...
-
Qualys, Tenable Hit in Salesloft Data Breach
Tenable and Qualys experienced unauthorized access to their Salesforce data due to stolen OAuth tokens from the Salesloft Drift application, highlighting risks from third-party integrations. Both firms confirmed their core products and services were unaffected, and they responded by disabling the...
-
Securing Farms from Cyber Threats: A John Deere CISO Q&A
Modern agriculture relies heavily on interconnected, software-driven systems, making cybersecurity as critical as physical equipment to protect the supply chain from threats. John Deere employs a security-by-design approach, integrating protections from development through testing, and collaborat...
-
Top Cybersecurity Products Launched This Week: October 2025
OPSWAT's MetaDefender Drive offers a portable, network-free threat scanner for securely validating temporary devices before they access protected networks. Radiflow360 integrates operational technology risk management, compliance, and incident response into a unified platform for mid-sized indust...
-
Red Hat Admits GitLab Hack, User Data Stolen
Red Hat confirmed a security breach of an internal GitLab instance used by its Consulting team (early reports wrongly named GitHub), after a cybercriminal group claimed to have stolen substantial proprietary data. The attackers, Crimson Collective, allegedly exfiltrated around 570 GB of compr...
-
CISA Steps In as Federal MS-ISAC Funding Ends
The longstanding cooperative agreement between CISA and the Center for Internet Security has ended, shifting cybersecurity support for state, local, tribal, and territorial governments to be provided directly by CISA through grants, tools, and expert assistance. Federal funding for the MS-ISAC's ...
-
ManageEngine Reduces SOC Alert Fatigue with Reengineered Detection
Security operations centers are overwhelmed by excessive alerts, making it difficult to distinguish critical threats from irrelevant noise. ManageEngine's Log360 introduces a reengineered detection system that reduces false positives and improves threat coverage with over 1,500 prebuilt, continuo...
-
Major Cybersecurity Firms Impacted by Salesloft Data Breach
A data breach at Salesloft impacted over 700 organizations, including major cybersecurity firms, by compromising OAuth tokens to access Salesforce databases and Google Workspace accounts. Attackers, identified as UNC6395, targeted AWS access keys, passwords, and Snowflake tokens, posing risks for...
-
Go Beyond Checklists: Build a Mature Automotive Cybersecurity Program
A mature automotive cybersecurity program requires a foundation in established frameworks like ISO, but must go beyond compliance by developing a tailored risk management strategy that addresses unique threats and deploys proactive controls across the enterprise. Comprehensive threat visibility, ...
-
Securing AI Agents in SaaS with Obsidian
Obsidian Security has launched a new defense system specifically designed to secure AI agents in SaaS environments, addressing the security gaps and cascading threats created by their rapid integration and excessive permissions. The proliferation of AI agents, such as those from Microsoft Copilot...
-
UK Arrests Suspect in RTX Ransomware Attack That Disrupted Airports
A ransomware attack on Collins Aerospace's MUSE software caused widespread flight disruptions at European airports, leading to an arrest by UK authorities. The MUSE software, which runs on separate customer networks, is critical for shared airport operations like check-ins and baggage handling, a...
-
New 'Obscura' Ransomware Emerges as Stealthy Threat
A new ransomware called "Obscura," discovered in late August 2025, uses domain infrastructure to stealthily spread across corporate networks by placing itself in the NETLOGON share for automatic replication. Upon execution, it disables recovery mechanisms like Volume Shadow Copies, terminates ove...
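Because anything dropped into NETLOGON replicates to every domain controller, a cheap defensive check is to baseline the share and alert on new or altered executables and logon scripts. The following is an added example, not code from the article or from any vendor named on the page; the share layout, file contents and the scenario it replays are constructed. On a domain controller the NETLOGON share normally lives under the SYSVOL tree (the domain's `scripts` folder), which is the path you would pass to `snapshot`.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Binaries have no business appearing in NETLOGON without a change record.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com", ".pif"}
# Logon scripts legitimately live here, so they are reported when new or changed.
SCRIPT_SUFFIXES = {".bat", ".cmd", ".vbs", ".ps1", ".js"}


def snapshot(share_root):
    """Map relative path -> SHA-256 for every file under the share."""
    root = Path(share_root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare(baseline, current):
    """Return sorted [(path, finding)] for new executables/scripts, modified ones, and removed files."""
    out = []
    watched = EXECUTABLE_SUFFIXES | SCRIPT_SUFFIXES
    for path, digest in current.items():
        suffix = Path(path).suffix.lower()
        if path not in baseline:
            if suffix in EXECUTABLE_SUFFIXES:
                out.append((path, "new executable"))
            elif suffix in SCRIPT_SUFFIXES:
                out.append((path, "new script"))
        elif baseline[path] != digest and suffix in watched:
            out.append((path, "modified"))
    for path in baseline:
        if path not in current:
            out.append((path, "removed"))
    return sorted(out)


def run_demo():
    """Constructed scenario: a clean share, then a binary is dropped and a logon script is altered."""
    with tempfile.TemporaryDirectory() as tmp:
        share = Path(tmp) / "NETLOGON"
        (share / "scripts").mkdir(parents=True)
        (share / "scripts" / "logon.bat").write_text("net use H: \\\\fs01\\home\r\n")
        (share / "README.txt").write_text("managed by GPO\r\n")
        baseline = snapshot(share)          # taken while the share is known-good

        # Attacker activity (constructed): drop a binary, make the logon script start it.
        (share / "update.exe").write_bytes(b"MZ\x90\x00constructed-sample")
        (share / "scripts" / "logon.bat").write_text(
            "net use H: \\\\fs01\\home\r\nstart \\\\dc01\\NETLOGON\\update.exe\r\n")
        return compare(baseline, snapshot(share))


if __name__ == "__main__":
    for path, finding in run_demo():
        print(f"{finding:16} {path}")
```

Persist the baseline (for example as JSON next to your monitoring scripts, not on the share itself) and re-run `compare` on a schedule; a hit on "new executable" in NETLOGON is worth an immediate look, since by the time the file is observed it is already on every domain controller.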
-
SonicWall Confirms Firewall Backup Files Breached in Cyberattack
SonicWall experienced a security breach where unauthorized access to its cloud backup service exposed sensitive firewall configuration data for a small subset of customers. The compromised files did not contain unencrypted credentials but included details that could help threat actors target rela...
-
Self-Propagating Attack Infects 187 npm Packages
A self-propagating worm named 'Shai-Hulud' has compromised at least 187 npm packages, starting with @ctrl/tinycolor and spreading to include modules under CrowdStrike’s namespace. The malware injects malicious scripts to steal sensitive credentials using TruffleHog and creates unauthorized GitHub...
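A worm that rides on install-time scripts and republishes itself under compromised maintainers leaves two things a lockfile audit can catch: known-bad package versions and dependencies that run lifecycle scripts at all. The following is an added example, not code from the article, from npm or from any project named on the page. The indicator list, its placeholder version numbers and the sample `package-lock.json` are constructed; load the real compromised-version list from the advisory you are working from.

```python
import json

# Assumed indicator list: package -> versions known to be compromised. The version
# numbers here are placeholders for the example, not the advisory's values.
COMPROMISED_VERSIONS = {"@ctrl/tinycolor": {"9.9.9"}}
TRUSTED_REGISTRY = "https://registry.npmjs.org/"

# Constructed package-lock.json (lockfileVersion 3): one clean dependency, one on
# the compromised list that also runs an install script, one fetched outside the registry.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app",
             "dependencies": {"@ctrl/tinycolor": "^9.9.9", "lodash": "^4.17.21", "left-helper": "^1.0.0"}},
        "node_modules/@ctrl/tinycolor": {
            "version": "9.9.9",
            "resolved": "https://registry.npmjs.org/@ctrl/tinycolor/-/tinycolor-9.9.9.tgz",
            "integrity": "sha512-placeholder", "hasInstallScript": True},
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
            "integrity": "sha512-placeholder"},
        "node_modules/left-helper": {
            "version": "1.0.0",
            "resolved": "https://cdn.example.net/left-helper-1.0.0.tgz",
            "integrity": "sha512-placeholder"},
    },
})


def package_name(lock_key):
    """'node_modules/a/node_modules/@scope/b' -> '@scope/b' (nested installs keep the deepest name)."""
    return lock_key.rsplit("node_modules/", 1)[-1]


def audit_lockfile(lock_text):
    """Return [(package, version, reason)] for lockfile entries that deserve a human look."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion >= 2 required: older lockfiles have no 'packages' map")
    findings = []
    for key, meta in lock.get("packages", {}).items():
        if key == "" or meta.get("link"):
            continue  # root project entry, or a workspace symlink
        name, version = package_name(key), meta.get("version", "")
        if version in COMPROMISED_VERSIONS.get(name, ()):
            findings.append((name, version, "version on compromised list"))
        if meta.get("hasInstallScript"):
            # npm records this flag for packages with preinstall/install/postinstall hooks
            findings.append((name, version, "runs an install-time lifecycle script"))
        resolved = meta.get("resolved", "")
        if not resolved.startswith(TRUSTED_REGISTRY):
            findings.append((name, version, f"resolved outside the registry: {resolved or 'missing'}"))
        elif not meta.get("integrity"):
            findings.append((name, version, "registry tarball without integrity hash"))
    return findings


if __name__ == "__main__":
    for name, version, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}@{version}: {reason}")
```

Run it against the real lockfile in CI before `npm ci`. The install-script finding is the one that blocks this class of worm regardless of which package is hit next: `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) stops lifecycle hooks from running, and the few packages that genuinely need a build step can be handled explicitly.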
-
CrowdStrike & Meta Simplify AI Security Tool Evaluation
CrowdStrike and Meta have launched CyberSOCEval, an open-source benchmarking suite to evaluate large language models' effectiveness in critical security tasks. The framework tests LLMs in incident response, threat analysis, and malware detection to help organizations identify genuinely effective ...
-
Education Sector Fortifies Ransomware Defenses, But IT Teams Pay a Heavy Price
Educational institutions are improving ransomware defenses, with 97% successfully recovering encrypted data and average ransom payments dropping significantly. Despite progress, vulnerabilities persist due to inadequate staffing and evolving threats like AI-enhanced phishing, while IT staff face ...
-
Wealthsimple Data Breach: Supply Chain Attack Exposes User Info
A data breach at Wealthsimple compromised sensitive client information due to a supply chain attack, but no account passwords or funds were accessed. Exposed data includes contact details, government IDs, Social Insurance Numbers, dates of birth, IP addresses, and account numbers, with affected c...
-
Fintech Firm Targeted in $130M Bank Heist Attempt by Hackers
Hackers attempted to steal approximately $130 million from Sinqia S.A., a Brazilian fintech subsidiary, by exploiting stolen credentials to access Brazil's Pix payment network. The breach was detected and contained, with some funds recovered and no customer data compromised, though Sinqia's acces...
-
Top Cybersecurity Jobs Hiring Now: August 26, 2025
The global demand for skilled cybersecurity professionals is rising across diverse industries, including construction, retail, finance, and government, offering opportunities at all career levels. Numerous organizations worldwide are actively hiring for a variety of cybersecurity roles, ranging f...
-
Malicious npm Code Infiltrated 10% of Cloud Environments
A supply chain attack using malicious npm packages has compromised about 10% of cloud environments, initiated by a threat actor who hijacked a developer's account to publish trojanized packages. The malicious code, which embedded crypto-stealing malware to intercept and reroute cryptocurrency tra...
-
NCA Arrests HardBit Ransomware Suspect in Airport Attack
British investigators arrested a suspect in West Sussex for a ransomware attack that severely disrupted European air travel by targeting critical airport systems. The attack has been linked to the HardBit ransomware group and exploited basic security flaws in Collins Aerospace's ARINC vMUSE softw...
-
Top Cybersecurity Jobs Hiring in September 2025
The cybersecurity field is experiencing high demand for professionals in September 2025, with global opportunities available in various roles and work arrangements, including remote positions. Key roles being recruited for include Application Security Engineers, CISOs, Cloud Security Architects, ...
-
Bolster Defenses Against Scattered Spider Attacks, Experts Warn
The Scattered Spider hacking group poses a severe threat to businesses by using sophisticated methods like social engineering and ransomware, requiring immediate improvements in identity management, security processes, and third-party risk management. Their attack strategy often starts with vishi...
-
CISA Warns: Malware Kits Found in Ivanti EPMM Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified malware exploiting two vulnerabilities in Ivanti Endpoint Manager Mobile, enabling remote command execution. A China-linked espionage group has been actively using these vulnerabilities as zero-days since mid-May to e...
-
Urgent: NetScaler Zero-Day Exploit Actively Attacked (CVE-2025-7775)
Three critical vulnerabilities have been discovered in Citrix NetScaler ADC and Gateway devices, with CVE-2025-7775 already being actively exploited for remote code execution and denial of service. Citrix has released security updates for affected versions and strongly advises immediate patching,...
-
Cyber-Attacks Hit Three French Regional Healthcare Agencies
A coordinated cybersecurity breach compromised personal data of patients in multiple French regions, though medical records remained secure. Attackers used stolen credentials to impersonate healthcare professionals and access systems via regional e-health platforms. Authorities are taking action ...
-
Cybersecurity Crisis: 2 in 3 Companies Face Staff Shortages
Nearly two-thirds of companies face unfilled cybersecurity positions, creating critical vulnerabilities due to slow hiring and sophisticated threats, while 55% still operate with insufficient staff. A disconnect exists between security teams and leadership, with only 56% of professionals believin...
-
Legit Tools Turned Malicious: Velociraptor and Nezha Weaponized
Legitimate open-source tools Velociraptor and Nezha are being weaponized by threat actors to maintain access, evade detection, and deploy ransomware or malware on enterprise systems. A China-linked ransomware group exploited an outdated Velociraptor version with a privilege escalation flaw to dep...
-
Crimson Collective Hackers Breach AWS for Data Theft
The Crimson Collective is a hacking group that infiltrates AWS environments to steal sensitive data and extort organizations, as seen in the breach of Red Hat's GitLab repositories. Attackers compromise AWS using exposed credentials and tools like TruffleHog, then escalate privileges to gain administrativ...
-
Renault and Dacia UK alert customers to data breach
Renault and Dacia customers in the UK were affected by a data breach at an unnamed third-party service provider, exposing personal details like names, addresses, and vehicle information. The breach did not compromise banking or financial data, and the third-party provider has contained the threat...
-
NY Blood Center Data Breach: 194,000 People Alerted
The New York Blood Center experienced a major data breach in January 2025, compromising nearly 194,000 individuals' data and ranking among the largest healthcare breaches of the year. Exposed information includes personal and financial details, health records, and test results, with affected indi...
-
Insight Partners Notifies Clients of Ransomware Data Breach
Insight Partners disclosed a ransomware attack that began in October 2024, was detected in January 2025, and compromised personal and financial data of over 12,000 individuals. The breach resulted from a sophisticated social engineering attack, leading to data theft and system encryption, though ...
-
CISA Launches New Tool to Streamline Incident Response
CISA and MITRE introduced the Eviction Strategies Tool, a free resource for organizations. This tool empowers cyber defenders to swiftly create customized plans for removing threats from compromised systems. By integrating extensive countermeasure data, it simplifies complex incident response, aiming to significantly reduce attacker presence and bolster overall cyber defenses nationwide.
-
AI Reshapes SOC Roles Without Reducing Staff
AI is transforming SOCs by shifting roles rather than eliminating jobs, with 96% of security leaders not planning to cut staff despite AI adoption. Nearly half of leaders (44%) are moving Tier 1 analysts to advanced roles, as AI handles repetitive tasks, allowing focus on strategic initiatives li...
-
Boost Incident Response with NETSCOUT Adaptive Threat Analytics
NETSCOUT's Adaptive Threat Analytics enhances the Omnis Cyber Intelligence platform, providing faster threat investigation and response tools amid rising incident containment times (averaging 73 days). The solution addresses challenges like alert fatigue and AI-powered attacks by offering...