darkreading

Security experts weigh in on the problem Salt Typhoon and its hacking of telecoms poses against the United States, including what the US should do and how defenders can protect themselves.

Malicious packages lurking on open source repositories like npm have become less effective, so cyberattackers are using a new strategy: offering "patches" for locally installed programs.

Failing to distinguish between data privacy and data security leaves businesses vulnerable to regulatory scrutiny and the kinds of breaches that erode consumer trust overnight.

Darktrace researchers detailed "spam bombing," a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns.

Google Unified Security brings together threat detection, AI-powered security, secure browser features, and Mandiant services, the company said at its Cloud Next conference.

The security teams associated with the 2024 Olympic Games in Paris focused on in-depth penetration testing, crisis management exercises, and collaboration to defend against potential cyberattacks.

A review of the emails involved in the breach is still ongoing, but what has been discovered is enough for the Treasury Department to label it a "major cyber incident."

Attacks on a critical authentication bypass flaw in CrushFTP's file transfer product continue this week after duplicate CVEs sparked confusion.

Cybersecurity and policy experts worry that if tariffs give way to a global recession, organizations will reduce their spending on cybersecurity.

The database company said its Oracle Cloud Infrastructure (OCI) was not involved in the breach. And at least one law firm seeking damages is already on the case.

Threat actors are trolling online forums and spreading malicious apps to target Uyghurs, Taiwanese, Tibetans, and other individuals aligned with interests that China sees as a threat to its authority.

With careful planning, the transition to post-quantum cryptography can significantly improve security and risk management for the present and future.

A threat actor has already exploited one of the flaws in a ransomware campaign with victims in the US and other countries.

Healthcare and IT security practitioners worry that some of the proposed amendments are not practical for a sector that lacks resources and often uses legacy equipment.

The cybersecurity startup has emerged from stealth with an AI-native security platform to automate security policies for AI applications.

Artificial intelligence poses a significant concern when it comes to nation-state cyberthreats and AI's ability to supercharge attacks.

Neither security issue requires user interaction, and one of the vulnerabilities was used to unlock a student activist's device in an attempt to install spyware.

The malware's creators insist a new open source version of Neptune is for educational use by pen testers, but a raft of sophisticated backdoor and evasion capabilities says otherwise.

No-code and low-code platforms offer undeniable benefits. But when security is an afterthought, organizations risk deploying vulnerable applications that expose sensitive data and critical systems.

Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? According to security experts Chris Wysopal and Jason Healey, the landscape is improving.