darkreading

India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.

Like many other features and systems in modern cars, tire pressure sensors leak sensitive data that can be abused by threat actors.

The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.

Lessons from history highlight why AI-enabled browsers require controlled enablement.

Workloads keep getting more complicated and organizations are struggling to keep up. So what's the play?

Iran and its supporters have taken to cyberspace to retaliate for US-Israeli military action, with an aim to cause economic and physical disruption.

The now-patched flaw is the latest in a growing string of security issues associated with the viral AI tool, which has seen rapid adoption among developers.

Speed and security are historically clashing priorities, but with AI and automation, it's increasingly important that application developers and security teams get on the same page.

The global law enforcement crackdown, which began in January 2025, also identified nearly 180 members of the notorious cybercriminal collective.

Forward Edge-AI's new Isidore Quantum is a compact, low-power hardware device designed to defend sensitive operational technology endpoints against future quantum attacks.

Attackers could have exploited the vulnerability to escalate privileges, violate user privacy while browsing, and access sensitive resources.

HBO's "The Pitt" is showing audiences what a real Mississippi healthcare system is going through this week, thanks to a ransomware attack.

Major events like the FIFA World Cup need to look beyond traditional physical and cyber security to active and passive wireless threats, say experts.

Using AI to find security vulnerabilities holds significant promise, but the initial products fall short of the needs of enterprises and software developers, say experts.

It's become a standard practice for organizations to disclose the bare minimum about a data breach, or worse — not disclose the incident at all.

Claude Code's introduction rippled across the stock market, but researchers and analysts say its impact was overstated, as they peel back the layers.

When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider.

The maximum-severity vulnerability CVE-2026-20127 was exploited by an unknown but sophisticated threat actor who left very little evidence behind.

A Chinese keyboard warrior inadvertently leaked information about politically motivated influence operations through a ChatGPT account.

The vulnerabilities highlight a big drawback to integrating AI into software development workflows and the potential impact on supply chains.