A startling majority — 82% — of K-12 schools experienced a cyber incident between July 2023 and December 2024, according to a report released Thursday by the nonprofit Center for Internet Security.

President Trump has named Sean Plankey to become the director of the CISA. Plankey previously held key roles at the Department of Energy and National Security Council during the first Trump administration.

A massive botnet comprising more than 30,000 hacked security cameras and network video recorders is being used to launch DDoS attacks against telecom providers and gaming platforms, as per researchers from Nokia Deepfield and GreyNoise.

State and local communities are facing a rise in cyber threats from nation-state-linked and criminal threat groups, which in many cases are looking to undermine confidence in public institutions, according to a report by the MS-ISAC.

Karen Evans, who first joined CISA in January as a senior adviser, will be responsible for leading the agency’s cybersecurity efforts as the national coordinator for critical infrastructure security and resilience.

GreyNoise researchers observed active exploitation of two Cisco vulnerabilities, CVE-2018-0171 and CVE-2023-20198, which reportedly have been used in recent attacks by the Chinese nation-state threat group known as Salt Typhoon.

Horizon3.ai researchers on Wednesday released technical details and a proof-of-concept (PoC) exploit for four critical Ivanti vulnerabilities that were first disclosed and patched last month.

In 75% of the ransomware incidents Huntress observed in 2024, threat actors used remote access Trojans (RATs), while 17.3% of attacks featured abused of remote monitoring and management tools like ConnectWise ScreenConnect, TeamViewer and LogMeIn.

President Donald Trump plans to nominate Sean Cairncross, a former official at the Republican National Committee, as the next national cyber director, according to a list of planned nominees obtained by Cybersecurity Dive.

Ransomware payments fell by 35% in 2024, from $1.25 billion in 2023 to about $814 million, according to a Chainalysis report. This decline in payments occurred even though there was a rise in ransomware attacks during the second half of the year.