Senator Maria Cantwell, D-Wash., wants hearings to force AT&T and Verizon to disclose how they’ve responded to the hacks to protect telecom networks.

Limited attacks occurred prior to Ivanti’s disclosure, followed by mass exploitation by multiple threat groups. More than 1,400 potentially vulnerable instances remain exposed.

The Chinese APT group Lotus Blossom intruded the tool’s internal systems to snoop on a limited set of users’ activities, according to researchers.

The actions impaired some of IPIDEA’s proxy infrastructure, but not all of it. The effort underscores the back-and-forth struggle of taking out pieces of cybercriminals’ vast and…

The trio, which share lineage with the more broadly defined Lazarus Group, are focused on espionage and cryptocurrency theft, according to CrowdStrike.

Attackers have exploited the critical defect to reconfigure firewall settings and create unauthorized accounts with privileged access to multiple versions of the vendor’s security products.

Nation-state groups are consistently exploiting the defect to target victims in military, government and technology for espionage.

Cybercrime groups, including one that identifies as ShinyHunters, are targeting single sign-on services to gain access to victim networks and steal data.

Ransomware negotiators dish on being in a ‘moral gray zone,’ unrestricted by accountability or industrywide rules of engagement.

ANCHOR will restart conversations between government and industry around critical infrastructure security, with some changes around liability and other areas.