darkreading

A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications.

Dan Gorecki and Scott Brammer's interactive session during RSAC Conference 2025 encouraged security professionals to rethink their security postures and address evolving and emerging risks.

Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal's national airline in a campaign offering compensation for delayed or disrupted flights.

Secretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies.

Leaders at federal research organizations DARPA, ARPA-I, and ARPA-H discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025.

Thousands of automatic tank gauge (ATG) devices are accessible over the Internet and are just "a packet away" from compromise, security researcher warns at 2025 RSAC Conference.

Making a case for empathy in cyber-leadership roles as a strategic business advantage.

Barbara Grofe, space asset security architect at Spartan Corp, discussed the realities of hacking in space, and the outlook is not pie-in-the-sky.

How does a company defend itself from cyberattacks by a foreign adversary? A collection of experts gathered at this year's RSAC Conference to explain how the US can help.

The current offline/open source model boom is unstoppable. Its impact depends on how well the risks are managed today.

A spear-phishing campaign sent Trojanized versions of legitimate word-processing software to members of the World Uyghur Congress as part of China's continued cyber-espionage activity against the ethnic minority.

NVIDIA's DOCA Argus prevents attacks before they compromise AI architectures.

The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.

CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.

Attackers are leveraging the benefits of new technology and the availability of commodity tools, credentials, and other resources to develop sophisticated attacks more quickly than ever, putting defenders on their heels.

Security teams are under more pressure than ever — and cybersecurity debt is adding fuel to the fire. While it can't be eliminated overnight, it can be managed.

The Department of Justice has announced compliance rules for its Data Security Program that will require organizations to reexamine how they do business and with whom.

An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?

By focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks.

Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.