darkreading

With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover or targeted social engineering.

Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in multiple Microsoft products.

Ironically, security by obscurity has helped prevent dangerous OT attacks in recent years. It won't be that way forever.

The acquisition allows the credit reporting agency to add SMS spam and scam prevention to its robocall blocking capabilities.

The ransomware group breached SmarterTools through a vulnerability in the company's own SmarterMail product.

The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces.

Researchers discovered a newly disclosed vulnerable driver embedded in Reynolds' ransomware, illustrating the increasing popularity of the defense-evasion technique.

Ask the Expert: Organizations need to close the ownership vacuum, establish durable security controls, and ensure printers are protected as rigorously as other endpoints.

The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption (E2E) by default across their services, as privacy concerns mount amid increased AI use.

Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify.

Malicious "skills" and persnickety configuration settings are just some of the issues that security researchers have found when installing — and removing — the OpenClaw AI assistant.

The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed Windows to load it.

Someone used AI to build an entire Web platform, which then did something predictable and preventable: It exposed all its data through a publicly accessible API.

A disconnect exists between an organization's cybersecurity needs and lists like CISA's KEV Catalog. KEV Collider combines data from multiple open source vulnerability frameworks to help security teams quickly assess which are important, based on their priorities.

Col. Georgeo Xavier Pulikkathara, CISO at iMerit, discusses the importance of fundamentals, continuous learning, and human ingenuity in the face of AI-driven cybersecurity evolution.

Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering.

DragonForce is taking cues from organized crime, emphasizing cooperation and coordination among ransomware gangs.

A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building playbooks around your perimeter."

By tapping the unusual .scr file type, attackers leverage "executables that don't always receive executable-level controls," one researcher noted.

Dark Reading has something new hitting the newsstand: a content section purpose-built for Latin American readers, featuring news, analysis, features, and multimedia.