darkreading

The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.

The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.

As attacks accelerate, security leaders must act to gain visibility across their entire institution's network and systems and continuously educate their users on best practices.

Documented in a series of social media posts, cybersecurity experts shared with Dark Reading their insights on RSAC 2025 throughout the week.

Researchers from Arctic Wolf Labs detailed a new spear-phishing campaign that targets hiring managers and recruiters by posing as a job seeker.

While passkeys offer enhanced security against phishing and credential theft, implementation hurdles, cross-platform inconsistencies, and user experience challenges pose significant barriers to widespread adoption.

Industry experts at RSAC 2025 called for urgent accountability in addressing technology's negative impact on youth, highlighting concerns about Internet anonymity, mental health, and the growing disconnect between generations.

After stealing sensitive data from Disney, Ryan Mitchell Kramer claimed to be part of a Russian hacktivist group protecting artists' rights and ensuring they receive fair compensation for their work.

When designed with strong governance principles, AI can drive innovation while maintaining the people's trust and security.

A series of cyberattacks have struck multiple major British retailers in recent weeks, and a ransomware gang has reportedly claimed responsibility.

According to the New York Department of Financial Services, finance companies operating in New York — even if not based there — must implement a variety of protections against unauthorized access to IT systems.

Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.

While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.

Gutting CISA won't just lose us a partner. It will lose us momentum. And in this game, that's when things break.

This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI's capabilities.

A panelist of SANS Institute leaders detailed current threats and provided actionable steps for enterprises to consider.

Real IDs have been in the works since 2005. Are their security standards still rigorous enough in 2025?

Microsoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline.

Organizations are underestimating the advanced technology's risks to the software supply chain, according to a new LevelBlue report.

How one unreasonable client got lucky during a cyber incident, despite their unreasonable response to the threat.