darkreading

Whether by intercepting its traffic or just giving it a little nudge, GitHub's AI assistant can be made to do malicious things it isn't supposed to.

The rate of evolution has been glacial, but tools now understand cloud environments and can target Web applications.

The addition of Solvo CSPM to CYE Hyver aims to address the need for multicloud vulnerability monitoring and risk assessment.

Amateurish financial scams are common across Africa, and Namibia's influential former first lady, Monica Geingos, has emerged as a particularly effective host body for these messages.

While Microsoft has boosted the security of Windows Print Spooler in the three years since the disclosure of the PrintNightmare vulnerability, the service remains a spooky threat that organizations cannot afford to ignore.

The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command-and-control servers from Pyongyang.

VulnCheck initially disclosed the critical command-injection vulnerability (CVE-2024-40891) six months ago, but Zyxel has yet to mention its existence or offer users a patch to mitigate threats.

Yet another spinoff of the infamous DDoS botnet is exploiting a known vulnerability in active attacks, while its threat actors are promoting it on Telegram for other attackers to use as well, in a DDoS-as-a-service model.

Managing third-party risk in the SaaS era demands a proactive, data-driven approach beyond checkbox compliance.

Cybersecurity can't always be "Department of No," but saying yes all the time is not the answer. Here is how to enable innovation gracefully without adding risk to the organization.

The impetus for CrowdStrike's new professional services came from last year's Famous Chollima threat actors, which used fake IT workers to infiltrate organizations and steal data.

The ransomware group provides everything an affiliate could want to breach and attack victims, including a quality controlled recruitment system to engage even more criminals.

The now-fixed vulnerability involved a major travel services company that's integrated with dozens of airline websites worldwide.

In their discovery, researchers found 31 PDF files linking to these phishing websites, none of which have been yet submitted to VirusTotal.

Concerns include everything from ransomware, malware, and phishing attacks on the game's infrastructure to those targeting event sponsors and fans.

Compliance standards are mandating better data security. There are several ways to do this, but most organizations would admit that erasure is not one of them.

Globally, security researchers and whistleblowers face increasingly hostile laws and judiciaries that are ready to levy fines and prison sentences.

Quantum computing will bring new security risks. Both professionals and legislators need to use this time to prepare.

The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.

Malware writing is only one of several malicious activities for which the new, uncensored generative AI chatbot can be used.