darkreading

The threat group's goal is to help Pyongyang assess risk to its troops deployed in Ukraine and to figure out if Moscow might want more.

Fortra strengthens its endpoint-to-cloud security platform with the acquisition of Lookout's cloud application security broker, zero-trust network access, and secure Web gateway technologies.

The $168 million judgment against NSO Group underscores how citizens put little store in the spyware industry's justifications for circumventing security — but will it matter?

Threat actors are scamming users by advertising legitimate-looking generative AI websites that, when visited, install credential-stealing malware onto the victim's computer.

For years, Google has faced several legal battles over privacy and lost, though this one takes the cake for biggest ever settlement against a Big Tech firm.

The cybercriminals infected older wireless Internet routers with Anyproxy and 5socks malware in order to reconfigure them — all without the users' knowledge.

New research shows China is quickly catching up with the US in AI innovation. Experts weigh in on what it means for cyber defenders.

Agentic-native startups threaten to reduce the zero-day problem to just a zero-hour issue. Of course, AI agents will accelerate offensive attacks as well.

Cybercriminals are flocking to take part in the newly inflamed fight between India and Pakistan.

The voluntary Software Security Code of Practice is the latest initiative to come out of the United Kingdom to boost best practices in application security and software development.

Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.

On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.

The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says.

The investigation is ongoing, but the VC giant intends to inform affected customers on a rolling basis as more of the breach details come to light.

Your ultimate goal shouldn't be security perfection — it should be making exploitation of your organization unprofitable.

Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.

Cyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.

Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol's support.

Despite all MITRE has done for cybersecurity, it is clear we should not wait 11 months to discuss the future of the CVE database. It's simply too important for that.