darkreading

The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says.

The investigation is ongoing, but the VC giant intends to inform affected customers on a rolling basis as more of the breach details come to light.

Your ultimate goal shouldn't be security perfection — it should be making exploitation of your organization unprofitable.

Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.

Cyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.

Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol's support.

Despite all MITRE has done for cybersecurity, it is clear we should not wait 11 months to discuss the future of the CVE database. It's simply too important for that.

The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed.

Japan is being peppered with an overwhelming volume of spam, thanks to a new platform popular across the East China Sea.

Microsoft researchers identify 10 new potential pitfalls for companies that are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider.

The 15th annual event helps countries test and develop defenses against current and emerging cyber threats, including disinformation, quantum computing, and AI.

European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?

The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.

IaC is powerful. It brings speed, scale, and structure to cloud infrastructure. But none of that matters if your security can't keep up.

CISA added CVE-2025-34028 to its Known Exploited Vulnerabilities catalog, citing active attacks in the wild.

The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.

The vulnerabilities affect SonicWall's SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.

As attacks accelerate, security leaders must act to gain visibility across their entire institution's network and systems and continuously educate their users on best practices.