darkreading

Attackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive information.

Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.

The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.

The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. (First in a three-part series.)

In the React2Shell saga, nonworking and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught of PoCs be tamed?

As quantum computing advances, secure, interoperable standards will be critical to making quantum key distribution (QKD) practical, trusted, and future-proof.

Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.

Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.

A high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.

The key elements in a security operations center's strategy map align closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their "inputs" are strong.

But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company.

Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.

Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot, and other AI assistants.

Experts predict big changes are coming for IT infrastructure in 2026, driven by AI adoption, hybrid cloud strategies, and evolving security demands.

Managing general agents help insurers navigate sectors where they lack expertise. A cybersecurity policy written by an MGA is more likely to reflect an understanding of the risks CISOs deal with.

Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.

Etay Maor, a cybersecurity strategist and professor, shares his journey, insights, and advice on breaking into the diverse and ever-evolving field of cybersecurity.

A new version of VolkLocker, wielded by the pro-Russia RaaS group CyberVolk, has some key enhancements but one fatal flaw.

Digital transformation has made cybersecurity preparation part of operational resilience for most organizations. This calls for a new relationship between CISOs and COOs.

As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules.