Verizon’s annual Data Breach Investigations Report uncovered a surge of exploited vulnerabilities, and a growing lack of critical defect remediation industrywide.

The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems.

ShinyHunters, a prolific cybercrime group, threatened to leak data from more than 8,800 school systems.

The vendor hasn’t released a patch for the vulnerability or described the scope and objective of confirmed attacks.

The agency will begin targeted assessments meant to help critical infrastructure entities operate while disconnecting OT networks from IT and third-party vendors.

Xu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests.

With global cyber threats escalating and budget cuts looming, CISA needs a Senate-confirmed director. It’s time to confirm Sean Plankey.

The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there.

The high-severity vulnerability is under active exploitation and affects many versions of MongoDB, a nearly ubiquitous open-source database.

Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE…