Latest

Anti-Phishing, DMARC

China-Backed Hackers Intensify Attacks on Taiwan Chipmakers

Prajeet Nair  •  July 17, 2025

Chinese state-aligned hackers have ramped up espionage efforts against Taiwan's semiconductor ecosystem through spear-phishing campaigns. Three distinct threat actors targeted chipmakers, packaging and testing firms, equipment suppliers and financial analysts.

Governance & Risk Management

Golden dMSA Flaw Exposes Firms to Major Credential Theft

Prajeet Nair  •  July 17, 2025

A critical cryptographic flaw in Windows Server 2025's delegated Managed Service Accounts, or dMSAs, allows attackers to generate passwords for every managed service account across an Active Directory forest and create a backdoor, Semperis researchers found.

Security Operations

Coro's New CEO Prioritizes Channel-Driven Global Expansion

Michael Novinson  •  July 17, 2025

As Coro's new CEO, Joe Sykora is steering the SMB cybersecurity platform provider toward rapid international growth with a 100% partner-focused strategy, revamped operations and new tools for MSPs in an effort to dominate the underserved small and midsize business cybersecurity market.

Fraud Management & Cybercrime

Extradited Armenian Tied to Ryuk Ransomware Faces US Trial

Mathew J. Schwartz  •  July 17, 2025

A 33-year-old Armenian man, Karen Vardanyan, accused of facilitating Ryuk ransomware attacks against numerous organizations, is due to stand trial in the U.S. in August. The FBI said the Ryuk operation earned at least $15 million in cryptocurrency ransom payments from victims.

Cybercrime

Breach Roundup: Fashion House Louis Vuitton Confirms Breach

Anviksha More  •  July 17, 2025

This week: Louis Vuitton and Co-op confirm breaches, unpatched train brake flaw, Barclays fined £42M pounds for financial crime failures, secret U.K. program relocated thousands of Afghans, ex-soldier pleads guilty to hacking, Ukrainian hackers claim hit on Russian drone supplier.

►

Cloud Security

Wiz Deal Highlights Google's Multi-Cloud Security Strategy

Michael Novinson  •  July 17, 2025

COO Francis deSouza shares insights into Google Cloud’s security priorities as it pursues the $32 billion acquisition of Wiz. He explains the need for seamless multi-cloud protection, the value of Mandiant's threat intelligence, and how AI is changing threat detection and response at scale.

Cybercrime

Topsy-Turvy Data Breach Reality: Incidents Up, Victims Down

Mathew J. Schwartz  •  July 17, 2025

Data breaches rage on. In the first half of this year, the Identity Theft Resource Center counted 1,732 total data breaches affecting 166 million people, marking a rise in data breaches but a decline in victims, likely due to a drop in mega-breaches.

►

Cyberwarfare / Nation-State Attacks

It's Time to Include Geopolitical Risk in Defense Planning

Anna Delaney  •  July 17, 2025

Geopolitical tensions are no longer limited to headlines or high-level diplomacy. They drive cyber risk, supply chain disruption and regulatory fragmentation. CyXcel's Megha Kumar makes the case for why companies need to take notice and embed geopolitical risks in ongoing security planning.

Governance & Risk Management

Lansweeper Purchases Redjack to Strengthen Asset Discovery

Michael Novinson  •  July 17, 2025

Lansweeper has acquired Redjack to combine detailed scanning with passive discovery, offering real-time asset inventories that fuel zero trust, business continuity and attack surface management. The combined offering enhances support for cybersecurity through automation and real-time data.

Application Security

UK NCSC Announces Software Vulnerability Initiative

Akshaya Asokan  •  July 16, 2025

The U.K. NCSC will collaborate with industry experts for vulnerability detection and mitigation as part of its latest Vulnerability Research Initiative. The announcement comes on the heels of funding concerns for the U.S. government-based Common Vulnerabilities and Exposures program.

3rd Party Risk Management

North Korea Floods NPM Registry with Malware

Prajeet Nair  •  July 16, 2025

North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The malware targets open-source JavaScript developers with malware loaders.

Artificial Intelligence & Machine Learning

AI Giants Push for Transparency on Models' Inner Monologue

Rashmi Ramesh  •  July 16, 2025

AI researchers from OpenAI, Google DeepMind and Anthropic and others have urged deeper study into chain-of-thought monitoring, a technique to track how reasoning models arrive at answers. Their joint paper warns that transparency may erode if not prioritized.