Cybersecurity Dive

We offer fresh insights into the most recent developments in the Cybersecurity sector. Cybersecurity Dive is a top-tier publication managed by Industry Dive. Our team of journalists generates ideas and influences agendas for over 5 million decision-makers in the most competitive fields.

Trade/B2B

English

Online/Digital

Outlet metrics

Domain Authority

Ranking

Global

#282213

United States

#98399

Computers Electronics and Technology/Computer Security

#302

Traffic sources

Monthly visitors

Articles

Gartner: How to build a secure enterprise cloud environment

3 days ago | cybersecuritydive.com | Richard Bartley |Research VP

For enterprises, the cloud is no longer just an option; it's a necessity. With 80% of businesses now viewing the public cloud as vital to their digital objectives, the pressure is on to integrate security from the get-go because without proper security measures, the risk of breaches and cyberattacks looms large. So, how can businesses leverage cloud technology for growth while maintaining robust security?
Older SonicWall SMA100 vulnerability exploited in the wild

1 week ago | cybersecuritydive.com | Rob Wright

SonicWall on Tuesday disclosed that an OS command-injection vulnerability in SonicWall SMA100 remote-access appliances, tracked as CVE-2021-20035, has been exploited in the wild. The vulnerability was first disclosed and patched in September 2021. The vulnerability was initially assigned a medium-severity CVSS score of 6.5. However, SonicWall raised the score to 7.2, making CVE-2021-20035 a high-severity flaw.
Bill extends cyber threat info-sharing between public, private sector

1 week ago | cybersecuritydive.com | Elizabeth Montalbano

Two federal lawmakers today introduced a bi-partisan bill that preserves key regulation that facilitates the sharing of cyber-threat data between private companies and the federal government. The Cybersecurity Information Sharing Extension Act, introduced by U.S. Senators Gary Peters (D-MI) and Mike Rounds (R-SD), would extend provisions of the Cybersecurity Information Sharing Act of 2015, which is due to expire in September.
Mitre CVE program regains funding as renewal deal reached

1 week ago | cybersecuritydive.com | David Jones

The Cybersecurity and Infrastructure Security Agency said it reached an agreement to renew funding for a software vulnerability program that is used by the information security community to address security flaws. The funding will be restored for a period of 11 months, according to officials familiar with the decision. Mitre Corp. on Tuesday had warned that funding to operate the Common Vulnerabilities and Exposures program would expire as of today.
CISA launches new wave of job cuts

1 week ago | cybersecuritydive.com | David Jones

The Cybersecurity and Infrastructure Security Agency is in the process of a major push to eliminatejobs, starting with a voluntary resignation program, part of a wider effort by the Trump administration to reduce the size of the federal workforce. CISA is now participating in workforce transition programs from the Department of Homeland Security, according to an agency spokesperson.
Attackers exploit zero-day flaw in Gladinet CentreStack file-sharing platform

1 week ago | cybersecuritydive.com | Rob Wright

Huntress on Monday published research that showed exploitation of CVE-2025-30406, a deserialization vulnerability in Gladinet's CentreStack enterprise file-sharing platform for managed service providers (MSPs). The cybersecurity vendor said seven organizations were compromised via the zero-day flaw, which involves a hardcoded cryptographic key that can be used to gain remote code execution.
Hertz says personal data breached in connection with Cleo file-transfer flaws

1 week ago | cybersecuritydive.com | David Jones

Hertz Corp. confirmed a threat actor gained access to sensitive personal data in a breach linked to vulnerabilities in Cleo file-transfer software, according to a filing Friday with the Maine Attorney General’s office. Hertz said it learned on Feb. 10 that an unauthorized third party obtained the data in connection with an attack spree that took place between October and December 2024. Hertz completed an analysis of the stolen data on April 2.
Over 14K Fortinet devices compromised via new attack method

1 week ago | cybersecuritydive.com | Rob Wright

The Shadowserver Foundation reported Saturday that more than 14,000 Fortinet devices across the globe have been compromised by a threat actor that exploited known vulnerabilities and deployed a symlink-based persistence mechanism.
Aviation sector faces heightened cyber risks due to vulnerable software, aging tech

1 week ago | cybersecuritydive.com | David Jones

The aviation industry is facing significant threats to its ability to maintain cyber resilience and must address key issues ranging from aging technology, outdated software and growing risks from sophisticated threat actors, according to a report released Thursday from the Foundation for Defense of Democracies. The report calls on the Federal Aviation Administration to conduct a comprehensive modernization of the nation’s air traffic control system with a strong focus on cyber resilience.
Why One Startup Thinks Cybersecurity Tools Aren’t the Problem—But How We Use Them Is | Cybersecurity Dive

1 week ago | cybersecuritydive.com | Trevor Lane

NEW YORK — In the rapidly evolving landscape of cybersecurity, organizations often invest heavily in advanced tools to shield their digital assets. Yet, a critical oversight persists: the misconfigurations of these tools that lead to significant security breaches. In 2023, 75% of cloud breaches resulted from misconfigurations. In one incident, an unsecured server leaked three terabytes of Pentagon emails. The problem wasn’t the tools but how they were used.