darkreading

SP 1800-35 offers 19 examples of how to implement zero-trust architecture (ZTA) using off-the-shelf commercial technologies.

A new Cybersecurity and Infrastructure Security Agency (CISA) advisory warned ransomware actors have been actively exploiting a critical SimpleHelp flaw since January.

Researchers discovered a large-scale campaign using the open source penetration-testing framework that has targeted more than 80,000 Microsoft accounts.

This alignment makes a successful CISO, but creating the same sentiment across business leadership creates a culture of commitment and greatly contributes to achieving goals.

These groups suffered three times the cyberattacks as the year previous, with DDoS attacks dominating and vulnerability scans and SQL injection also more common.

Researchers at Aim Security disclosed a Microsoft Copilot vulnerability of critical severity this week that could have enabled sensitive data exfiltration via prompt injection attacks.

New regulations and compliance standards for the Children's Online Privacy Protection Act reflect how much technology has grown since the Federal Trade Commission last updated it in 2013.

A string of threat-actor OpSec failures have yielded unexpected windfalls for security researchers and defenders.

To truly future-proof your cybersecurity approach, it's vital to ensure that your security program is flexible and adaptable to both current and future business demands.

Interpol's Operation Secure arrested more than 30 suspects across Vietnam, Sri Lanka, and Nauru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams.

The move is unrelated to a recent nation-state attack the vendor endured but stems from a report by a third-party researcher.

Agentic AI was everywhere at Gartner's Security & Risk Management Summit in Washington, DC, this year, as the AI security product engine chugs ahead at full speed.

The weakness in Google's password-recovery page, discovered by a researcher called Brutecat, exposed private user contact information to attackers, opening the door to phishing, SIM-swapping, and other attacks.

The deal will combine Securonix's security information and event management (SIEM) platform with ThreatQuotient's threat detection and incident response (TDIR) offering to build an all-in-one security operations stack.

Cloud resilience is no longer just about surviving service interruptions; it's about operating securely under any circumstances, across any geographic area.

The two campaigns are good examples of the ever-shrinking time-to-exploit timelines that botnet operators have adopted for newly published CVEs.

Business and security executives in the South Asian nation worry over AI, cybersecurity, new digital privacy regulations, and a talent gap that hobbles innovation.

The bug is one of 66 disclosed and patched today by Microsoft as part of its June 2025 Patch Tuesday set of security vulnerability fixes.

ESG research suggests security teams are using enterprise browsers to complement existing security tools and address network access issues.

The flaw allows an authenticated attacker to gain complete control over a Roundcube webmail server.