darkreading

The security vendor counters that none of the information came directly from its systems but rather was acquired over a period of time by targeting individuals.

Tenable released details of a Google Cloud Run flaw that prior to remediation allowed a threat actor to escalate privileges.

The FDA's regulations and guidance aim to strike a balance between ensuring rigorous oversight and enabling manufacturers to act swiftly when vulnerabilities are discovered.

A continuation of the North Korean nation-state threat's campaign against employment seekers uses the social engineering attack to target CeFi organizations with the GolangGhost backdoor.

Although Oracle has denied its cloud infrastructure services were breached, security experts recommend Oracle customers independently verify if they were affected and take measures to reduce exposure to potential fallout.

Next-level malware represents a new era of malicious code developed specifically to get around modern security software like digital forensics tools and EDR, new research warns.

New research from Specops Software shows attackers successfully attack and gain access to RDP with the most basic passwords.

The department was able to trace the stolen funds to three main cryptocurrency accounts after being routed through a series of other platforms.

Threat actors are exploiting a vulnerability in Ivanti Connect Secure first disclosed by the vendor in January.

The cybersecurity artificial intelligence (AI) model and agent will help organizations improve threat detection and incident response.

Positioning security leaders as more than risk managers turns them into business enablers, trusted advisers, and, eventually, integral members of the C-suite.

Attackers post links to fake websites on LinkedIn to ask people to complete malicious CAPTCHA challenges that install malware.

The General Services Administration is planning to use automation to speed up the process of determining which cloud services federal agencies are allowed to buy.

Based on the open source NGINX Web server, the malicious tool allows threat actors to steal user credentials and session tokens.

Evidence suggests an attacker gained access to the company's cloud infrastructure environment, but Oracle insists that didn't happen.

The attack hit the Kuala Lumpur airport over the weekend, and it remains unclear who the threat actors are and what kind of information they may have stolen.