CISA confirms exploitation of 3 more Cisco networking device vulnerabilities Cisco revealed six critical flaws in widely used products in February. The government has now seen evidence that hackers are abusing four of them.

CISA confirms exploitation of 3 more Cisco networking device vulnerabilities: www.cybersecuritydive.com/news/cisa-ci... (by @ericjgeller.com)

Vercel systems targeted after third-party tool compromised An employee using a consumer app was breached after granting too many permissions.

Vercel systems targeted after third-party tool compromised: www.cybersecuritydive.com/news/vercel-... (by David Jones)

Vulnerability exploitation surges often precede disclosure, offering possible early warnings Organizations can get ahead of major flaws with the right threat intelligence, according to a new report.

Vulnerability exploitation surges often precede disclosure, offering possible early warnings: www.cybersecuritydive.com/news/vulnera... (by @ericjgeller.com)

US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms Authorities around the world seized more than 50 websites associated with DDoS “booter” services.

US joins nearly two dozen other countries in striking back against DDoS-for-hire platforms: www.cybersecuritydive.com/news/ddos-se... (by @ericjgeller.com)

CIOs fret over rising security concerns amid AI adoption AI is emerging as a critical tool and a growing threat as CIOs struggle to balance innovation with risk, according to Logicalis data.

CIOs fret over rising security concerns amid AI adoption: www.cybersecuritydive.com/news/AI-secu... (by Scarlett Evans)

CISA cancels prestigious summer internships, citing government shutdown Experts worry that recent chaos in the scholarship program could undermine vital workforce-development efforts.

CISA cancels prestigious summer internships, citing government shutdown: www.cybersecuritydive.com/news/cisa-cy... (by @ericjgeller.com)

NIST limits vulnerability analysis as CVE backlog swells The agency will stop adding detailed information to vulnerabilities that don’t meet certain criteria.

NIST limits vulnerability analysis as CVE backlog swells: www.cybersecuritydive.com/news/nist-vu... (by @ericjgeller.com)

Medium-severity flaw in Microsoft SharePoint exploited The flaw should be taken seriously, despite its relatively low score, according to researchers.

Medium-severity flaw in Microsoft SharePoint exploited: www.cybersecuritydive.com/news/medium-... (by David Jones)

FCC exempts Netgear from foreign router ban The commission did not explain its action beyond citing a Defense Department determination.

FCC exempts Netgear from foreign router ban: www.cybersecuritydive.com/news/fcc-net... (by @ericjgeller.com)

Brute-force cyberattacks originating in Middle East surge in Q1 Hackers have primarily targeted SonicWall and Fortinet devices, according to researchers.

Brute-force cyberattacks originating in Middle East surge in Q1: www.cybersecuritydive.com/news/brute-f... (by David Jones)

FCC signals continued commitment to Cyber Trust Mark program The government approved a new lead overseer for its IoT device security labeling initiative.

FCC signals continued commitment to Cyber Trust Mark program: www.cybersecuritydive.com/news/fcc-cyb... (by @ericjgeller.com)

CISOs see gaps in their incident response playbooks A survey by Sygnia reveals that senior-level security leaders fear they are not prepared to respond to the next cyberattack.

CISOs see gaps in their incident response playbooks: www.cybersecuritydive.com/news/cisos--... (by David Jones)

US, Indonesia shut down ‘sophisticated’ phishing kit For a nominal fee, cybercriminals could rent access to a service that maliciously duplicated popular website login portals.

US, Indonesia shut down ‘sophisticated’ phishing kit: www.cybersecuritydive.com/news/phishin... (by @ericjgeller.com)

Stryker warns of earnings fallout from March cyberattack The medtech company was targeted in a wiper attack linked to an Iran-sponsored threat group.

Stryker warns of earnings fallout from March cyberattack: www.cybersecuritydive.com/news/stryker... (by David Jones)

Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign A research firm tallied the internet-exposed devices Iran is targeting and recommended mitigations for any infrastructure operator using them.

Nearly 4K industrial control devices vulnerable to Iran-linked hacking campaign: www.cybersecuritydive.com/news/critica... (by @ericjgeller.com)

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog The code injection flaw is similar to a prior vulnerability that was immediately flagged in January.

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog: www.cybersecuritydive.com/news/cisa-se... (by David Jones)

NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat Hackers have disrupted critical U.S. infrastructure by targeting programmable logic controllers, the Cybersecurity and Infrastructure Security Agency warned.

NERC is ‘actively monitoring the grid’ following Iran-linked cyber threat: www.cybersecuritydive.com/news/nerc-ci... (by Robert Walton)

US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure The newly disclosed cyberattack campaign is the latest evidence of the threat end-of-life routers pose to major organizations.

US operation evicts Russia from hacked SOHO routers used to breach critical infrastructure: www.cybersecuritydive.com/news/russia-... (by @ericjgeller.com)

Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface Global sporting events have become a lucrative target for criminal actors and geopolitical statements.

Olympic Games, FIFA World Cup offer huge platforms, rich cyberattack surface: www.cybersecuritydive.com/news/olympic... (by David Jones)

Iran-linked hackers targeting water, energy in US, FBI and CISA warn Nation-state actors have exploited flaws in industrial programmable logic controllers, leading to disruption and financial losses.

Iran-linked hackers targeting water, energy in US, FBI and CISA warn: www.cybersecuritydive.com/news/iran-li... (by David Jones)

CISA’s vulnerability scans, field support on chopping block in Trump budget The president is proposing to shrink the agency by nearly 900 positions.

CISA’s vulnerability scans, field support on chopping block in Trump budget: www.cybersecuritydive.com/news/cisa-tr... (by @ericjgeller.com)

React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data The stolen information could help intruders plan follow-up attacks and breach more organizations, Cisco researchers said.

Threat cluster launches extortion campaign using social engineering: www.cybersecuritydive.com/news/credent... (by David Jones)

React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data The stolen information could help the hackers plan follow-up attacks and breach more organizations, Cisco researchers said.

React2Shell vulnerability helps hackers steal credentials, AI platform keys and other sensitive data: www.cybersecuritydive.com/news/credent... (by @ericjgeller.com)

Hims & Hers says limited data stolen in social engineering attack The telehealth provider said hackers gained access to a third-party customer service platform, but medical records remained secure.

Hims & Hers says limited data stolen in social engineering attack: www.cybersecuritydive.com/news/hims-he... (by David Jones)

Critical flaw in FortiClient EMS under exploitation Fortinet released an emergency hotfix after security researchers discovered the vulnerability being exploited as a zero-day.

Critical flaw in FortiClient EMS under exploitation: www.cybersecuritydive.com/news/critica... (by David Jones)

Trump’s FY2027 budget again targets CISA The White House reiterated accusations about CISA’s counter-misinformation work to justify a major proposed reduction.

Trump’s FY2027 budget again targets CISA: www.cybersecuritydive.com/news/cisa-wh... (by @ericjgeller.com)

Researchers warn of critical flaws in Progress ShareFile Attackers could chain vulnerabilities together, leading to configuration changes or remote code execution.

Researchers warn of critical flaws in Progress ShareFile: www.cybersecuritydive.com/news/researc... (by David Jones)

Government agencies see cyber threats as major barrier to tech improvements Federal leaders also see opportunities to accelerate cyber defense with AI, according to a new report, but most agencies are still only testing AI tools.

Government agencies see cyber threats as major barrier to tech improvements: www.cybersecuritydive.com/news/cyberse... (by @ericjgeller.com)

Critical flaw in F5 BIG-IP faces wide exploitation risk The company revised a security advisory as newly disclosed information heightens the potential impact.

Critical flaw in F5 BIG-IP faces wide exploitation risk: www.cybersecuritydive.com/news/critica... (by David Jones)

Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities More than eight in 10 security leaders in the sector say they’ve rolled out an AI governance framework to some degree, a new survey found.

Retail and hospitality CISOs expect budget growth, new AI headaches and opportunities: www.cybersecuritydive.com/news/retail-... (by @ericjgeller.com)