darkreading

CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.

CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous.

The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in.

The vulnerability, which is allegedly triggered by a corrupted sticker in the messaging app, received a 9.8 CVSS score, but Telegram denies it exists.

Chinese APT Red Menshen's super-advanced BPFdoor malware defeats traditional cybersecurity protections. All telcos can do, really, is try hunting it down.

The list of countries exploiting Internet-connected cameras to give them eyes inside their adversaries' borders continues to expand. What should companies look out for?

Operational technology (OT) at industrial and critical infrastructure sites seem to have been benefitting from a lull in ransomware, and hackers' relative ignorance of OT systems.

The post-quantum future may be coming sooner than you think, as Google plans to have PQC migration in place by 2029.

Nation-state malware is being sold on the Dark Web and leaked to GitHub; and ordinary organizations might not stand much of a chance of defending themselves.

The agency put foreign-made consumer routers on its list of prohibited communications devices, but the ban could create more problems down the road.

More than a decade since the 2015 Jeep hack, the cybersecurity of vehicles remains of the utmost importance.

Threats actors pounced on the code injection vulnerability within hours of its disclosure, demonstrating that organizations have little time to address critical bugs.

Organizations repeatedly expose ports, reuse passwords, and skip patches, creating security gaps that attackers exploit for breaches. An industry veteran outlines ways to fix these common mistakes.

AI models often hallucinate or make costly mistakes when tasked with recommending software versions, upgrade paths, and security fixes — leading to significant technical debt.

Third-party resellers and brokers foil transparency efforts and allow spyware to spread despite government restrictions, a study finds.

While US government sits out this year, EU officials are on the ground in San Francisco leading the conversations on today's top cybersecurity challenges.

Publicly accusing an entity of a cyberattack could have negative consequences that organizations should consider before taking the plunge.

A series of campaigns that began in August aim to defraud job candidates, using psychological tactics and data scraped from LinkedIn profiles.

Ten finalists had three minutes to make their case for being the most innovative, promising young security company of the year. Geordie AI wins the 2026 contest.

For the first time, SANS Institute's five top attack techniques all have one thing in common — AI.