darkreading

Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well.

For a change, there's little in this month's Patch Tuesday that should cause panic, according to security experts.

Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.

After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools.

A campaign by Russian-speaking cyberattackers hijacks workflows to deliver security-busting malware, allowing attackers to steal data without detection.

In a seven-page strategy document, the Trump administration signaled a shift to preemption and deterrence to handling cyber threats.

A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.

With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agentic AI for threat and exposure management.

An undefined Chinese-speaking actor wields a combo of custom malware, open source tools, and LOTL binaries against Windows and Linux, likely for spying.

Cylake's platform will analyze security data locally and identify potential attacks for organizations concerned about data sovereignty.

DPRK worker scams are old hat, but they're still working, thanks to AI tools that help with everything from face swapping to daily emails.

The European Union is taking new precautions as climate change and cybersecurity threats rise across the automotive industry.

Iran has been hacking IP cameras to plan missile strikes against its enemies, and mounting other attacks on physical assets, showing how cyber and kinetic warfare are fast becoming one and the same.

Using Anthropic's Claude, OpenAI's ChatGPT, and a detailed playbook prompt, a handful of cyberattackers reportedly gained access to government agencies and its citizens' data.

Pakistan's APT36 threat group has begun using vibe-coding to churn out mediocre malware, but at a scale that could overwhelm defenses.

The phishing-as-a-service platform was popular among cyber threat actors because of its ability to bypass multifactor authentication defenses.

Edge bugs are so fetch, and Cisco just patched 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.

Fig Security's platform traces security data flows end-to-end across SIEMs, pipelines, and response systems to alert teams before infrastructure changes break critical defenses.

Organizations can borrow secure-by-design processes to manage non-technical challenges like governance or the inevitable human error.

Much of Central and South America struggles with cybersecurity maturity, and hackers are taking advantage.