darkreading

Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership.

Security teams invest in AI for automated remediation but hesitate to trust it fully due to fears of unintended consequences and lack of transparency.

The malware operation uses compromised accounts and bot networks to distribute infostealers and has tripled its output in 2025.

Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list.

Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures.

A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season.

While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team.

AI's explosive growth has lifted cybersecurity to the top of the board's agenda. Here's how CISOs can seize the moment, according to Diana Kelley.

Atroposia, a new RAT malware, offers low-level cybercriminal affiliates the ability to utilize sophisticated stealth and persistence capabilities.

The attack by the one of the most impactful RaaS groups active today demonstrates an evasion strategy that can stump defenses not equipped to detect cross-platform threats.

Microsoft initially fixed CVE-2025-59287 in the WSUS update mechanism in the October 2025 Patch Tuesday release, but the company has now issued a second, out-of-band update for the flaw, which is under attack in the wild.

Cyber teams need to get to work backfilling diminishing federal resources, according to Alexander Garcia-Tobar, who shares clear steps on a path forward for protecting enterprises with less CISA help.

Attackers are pouncing on financially strapped US government agencies and furloughed employees. And the effects of this period might be felt for a long time hereafter.

A $14 billion seizure by US investigators presents a warning for cybercriminals' reliance on bitcoin but is still a positive development for the cryptocurrency industry.

CVE-2025-54236 is a critical flaw in Adobe Commerce (formerly Magento) that allows attackers to remotely take over sessions on the e-commerce platform.

Chinese smishers — the bane of every American with a phone — have been shifting to lower-frequency, possibly higher-impact government impersonation attacks.

In the hotly political Middle East, you'd expect hacktivism and disruption of services. But retail attacks?

The campaign is the latest effort by the North Korean threat actor to collect data of strategic interest to Pyongyang.

Pwn2Own Ireland kicked off on Oct. 21. What researchers found continues to highlight how secure development practices are lacking across the industry.

The goal is to apply psychology principles to security training to change behaviors and security outcomes.