Cybersecurity Dive

2 days ago | cybersecuritydive.com | Eric Geller

This audio is auto-generated. Please let us know if you have feedback. Many federal contractors are initiating Cybersecurity Maturity Model Certification (CMMC) audits even before the Pentagon’s assessment program fully takes effect, according to a newly published report by enterprise software firm Deltek. Nearly 70% of companies that expect to be covered by CMMC — the military’s suite of cybersecurity requirements for defense contractors — plan to undergo a third-party audit this year.

5 days ago | cybersecuritydive.com | David Jones

A second wave of cyberattacks is targeting a critical vulnerability in SAP NetWeaver Visual Composer, according to researchers. Following the initial round of threat activity disclosed in April, opportunistic threat actors are leveraging webshells that were previously established through exploitation of CVE-2025-31324. The vulnerability, with a CVSS score of 10, allows unauthenticated attackers to upload arbitrary files and take full control of a system, according to researchers at Onapsis.

5 days ago | cybersecuritydive.com | Nicole Laskowski

This audio is auto-generated. Please let us know if you have feedback. CIOs are experiencing a cybersecurity anomaly. Nearly 9 in 10 organizations had a breach in the last year, according to a Vanson Bourne survey of 1,000 IT leaders commissioned by service provider Logicalis Group. Half of respondents said they overinvested in security technology while the same proportion admitted they don’t fully use features they’ve paid for. Complexity was a major challenge.

6 days ago | cybersecuritydive.com | David Jones

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of unsophisticated threat actors targeting industrial control systems and operational technology environments in key critical infrastructure sectors. The guidance, co-authored by the U.S. Department of Energy and the Environmental Protection Agency, said the threat activity targeted critical infrastructure in the oil and gas industry and involved the energy and transportation sectors.

1 week ago | cybersecuritydive.com | Eric Geller

This audio is auto-generated. Please let us know if you have feedback. Cyber insurer Coalition said its customers filed slightly fewer ransomware claims in 2024 than they did the previous year, according to a new report published Wednesday. Average ransomware losses in the U.S. ($108,000) were slightly lower than the global average ($115,000), according to Coalition’s 2025 Cyber Claims Report.