darkreading

Attackers can use them to inject arbitrary prompts, exfiltrate personal user information, bypass safety mechanisms, and take other malicious actions.

A critical security issue in a popular endpoint manager (CVE-2025-61932) allowed Chinese state-sponsored attackers to backdoor Japanese businesses.

The Japanese media giant said thousands of employee and business partners were impacted by an attack that compromised Slack account data and chat histories.

Despite increased awareness, manufacturers continue to face an onslaught of attacks.

Attackers are already targeting a vulnerability in the Post SMTP plug-in that allows them to fully compromise an account and website for nefarious purposes.

Some of the world's biggest technology companies use a program liable to introduce malware into their software. The potential consequences are staggering, but there's an easy fix.

CISOs must navigate five critical dimensions of AI in cybersecurity: augmenting security with AI, automating security with AI, protecting AI systems, defending against AI-powered threats, and aligning AI strategies with business goals. Neglecting any of these areas is a recipe for disaster.

Iran is spying on American foreign policy influencers. But exactly which of its government's APTs is responsible remains a mystery.

The well-known North Korean threat group continues to improve the obfuscation and anti-analysis features of its attack toolchain.

An analysis of startup firms' spending on AI applications finds the top categories to be productivity and content-generation. Security? Not so much.

A threat actor known as "Curly COMrades" is using Linux VMs to remain undetected in Windows environments while conducting Russia-aligned activities.

Successful ransomware groups have three key elements in common. Spoiler alert: Indicators of success don't all revolve around artificial intelligence.

European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering for attacks.

Malware used in a months-long attack demonstrates how bad actors are misusing generative AI services in unique and stealthy ways.

Android/BankBot-YNRK is currently targeting users in Indonesia by masquerading as legitimate applications.

In a new cyber threat campaign, attackers are using remote monitoring and management tools to actually steal physical cargo out of the trucking and freight supply chain.

The power grid is being attacked online and IRL. Increasingly, regulators and industry experts agree: Security teams need to focus on both cyber and physical threats, together.

To write secure code with LLMs developers must have the skills to use AI as a collaborative assistant rather than an autonomous tool, Madou argues.

Reconnaissance and BEC are among the malicious activities attackers commit after compromising cloud accounts, using a framework based on the TruffleHog tool.

The spear-phishing campaign uses fake European Commission and NATO-themed lures to trick diplomatic personnel into clicking malicious links.