Hackers Target Zero-Day Vulnerability to Exploit CrushFTP

Mathew J. Schwartz • July 21, 2025

Managed file-transfer software developer CrushFTP said a zero-day vulnerability in its tool's web interface is being actively exploited to gain admin-level access to servers. The company urged immediate updating, saying all versions of its software released since July 1 are patched.

Governance & Risk Management

Topsy-Turvy Data Breach Reality: Incidents Up, Victims Down

Latest

Governance & Risk Management

The MFA Illusion: Rethinking Identity for Non-Human Agents

Suparna Goswami • July 21, 2025

The explosion of agentic AI and autonomous bots to orchestrate cross-system tasks is turning MFA into a brittle defense. Non-human identities often bypass human-centric security controls, operating with static credentials and undefined ownership, creating exploitable identity risks.

Network Detection & Response

Darktrace Buys Network Traffic Visibility Firm Mira Security

Michael Novinson • July 21, 2025

Darktrace purchased a network traffic visibility startup to get insights from encrypted network traffic and decryption for customers in regulated industries. Mira Security will provide organizations with deeper, more comprehensive visibility across on-premises, cloud and hybrid environments.

Cyberwarfare / Nation-State Attacks

Cyberattacks Surging Across Indo-Pacific, Researchers Warn

Chris Riotta • July 21, 2025

A Center for a New American Security study found China and North Korea are accelerating cyberattacks, influence operations and infrastructure breaches across the Indo-Pacific, as researchers urge the U.S. to help develop a regional cyber shield, and deploy forward cyber teams.

3rd Party Risk Management

File Transfer Flaw Blamed in Health Breach Affecting 233,000

Marianne Kolbasuk McGee • July 21, 2025

A Connecticut-based firm that provides print and electronic document management services to health plans has reported to regulators that an exploit of a vulnerability in file transfer software from third-party vendor Cleo has resulted in a health data compromise affecting nearly 233,000 people.

Cyberwarfare / Nation-State Attacks

UK Sanctions 3 Russian Military Cyber Units

Akshaya Asokan • July 21, 2025

The U.K. government on Friday sanctioned three Russian Military Intelligence Service units 29155, 26165 and 74455 in the United Kingdom and Ukraine. The sanctions also targeted 18 Russian officials for their role in GRU cyber operations dating back to 2013.

Artificial Intelligence & Machine Learning

AI Needs a Firewall and Cloud Needs a Rethink

Rahul Neel Mani • July 21, 2025

The cloud was meant to be cheaper, but it's not. A bold new vision is emerging: one that slashes costs, decentralizes AI and secures APIs at the edge. From inference to firewalls, a reimagined internet is challenging hyperscaler dominance.

Access Management

Identity and Access Management (IAM) Market Guide 2025

Dan Verton • July 21, 2025

The Identity and Access Management (IAM) Market Guide 2025 provides an essential industry briefing on the evolving identity security ecosystem - offering unparalleled insights into the trends, technologies and market forces reshaping IAM this year.

Application Security

Botnet Abuses GitHub Repositories to Spread Malware

Prajeet Nair • July 18, 2025

Threat actors are using public GitHub repositories to host and distribute malware through the Amadey botnet in an ongoing campaign linked to a broader malware-as-a-service operation, Cisco Talos said in a report published Thursday.

Artificial Intelligence & Machine Learning

Security, AI Oversight Are Flashpoints in Draft Defense Bill

Chris Riotta • July 18, 2025

Washington is wagering that future conflicts will unfold as much in cyberspace as on the battlefield, with House and Senate lawmakers unveiling dueling drafts of a nearly $900 billion defense bill that spotlights needs for cybersecurity and artificial intelligence technology.

Data Breach Notification

Texas Drug, Alcohol Testing Firm Hack Affects Nearly 750,000

Marianne Kolbasuk McGee • July 18, 2025

A Texas-based firm that conducts workplace drug and alcohol testing for private employers and for compliance with state and federal agencies, including the Department of Transportation, disclosed to regulators that a July 2024 hacking incident affected nearly 750,000 people.

Artificial Intelligence & Machine Learning

ISMG Editors: Seychelles Bank Breach Echoes 'Panama Papers'

Anna Delaney • July 18, 2025

In this week's update, four ISMG editors discussed the potential global implications of the Seychelles Commercial Bank data breach; the real-world threat of train hacks following an alert about a critical railway vulnerability; and growing concerns around AI's "comprehension problem."

Artificial Intelligence & Machine Learning

Why the ROI of Enterprise AI Still Eludes Many Firms

Rashmi Ramesh • July 18, 2025

As enterprises pour billions into generative AI, many struggle to translate hype into measurable returns on investment. From data prep costs and hallucination risk to poor implementation and organizational inertia, experts say the real payoff may still be years away.