darkreading

The infamous Clop gang has targeted a wide range of Oracle E-Business Suite customers using a newly disclosed zero-day vulnerability.

Outwardly neutral Chinese institutions have been collaborating with Western orgs and researchers for the benefit of PRC state intelligence.

The enterprise-focused Water Saci campaign spreads Sorvepotel, which can steal credentials and monitor browser activity to defraud financial institutions in the region.

After claiming it would shut down, the cybercriminal collective reemerged and threatened to publish the stolen data of Salesforce customers by Oct. 10 if its demands are not met.

Dutch Prime Minister Dick Schoof described the incident as part of a broader pattern of Russian hybrid attacks against Europe.

The company likely failed to completely clean out attackers from a previous breach and now is a case study for the high cost of ransomware.

Brain computer interface (BCI) technology looks to provide users with hands-free device control, but could security ever keep up with the risks?

An attacker's dream: Windows Speak for Me could integrate into apps, creating perfect voice replicas for Teams calls and AI agent interactions across multiple SaaS platforms.

A Chinese-language threat actor uses every part of the kill: infecting Web servers with malware, poisoning sites with SEO spam, and stealing organizational data for follow-on attacks.

With nearly 47,000 CVEs expected by the end of the year, organizations must balance comprehensive vulnerability management with strategic cyber insurance policy selection to effectively navigate this rapidly evolving threat landscape.

The NFL's cyberattack surface is expanding at an unprecedented rate. To find out more, we spoke with a cyber-defense coordinator from the Cleveland Browns.

A threat actor claimed 28,000 private repositories had been compromised, and the Linux software maker said it had "initiated necessary remediation steps."

With SMS, voice, and QR-code phishing incidents on the rise, it's time to take a closer look at securing the mobile user.

The long-running South Asian advanced persistent threat (APT) group is advancing its objectives against Pakistani targets, with a shift to deploying Python-based surveillance malware.

In a clever, messed-up twist on brand impersonation, attackers are passing off their spyware as a notorious UAE government surveillance app.

Mandiant provided proactive defenses against UNC6040's social engineering attacks that have led to several Salesforce breaches.

Lapse of critical information sharing and mass furloughs at CISA are just some of the concerns.

Researchers have demonstrated an attack that can break through modern Intel and AMD processor technologies that protect encrypted data stored in memory.

Windows 10 reaches end-of-life on Oct. 14, which will triple the number of vulnerable enterprise systems and create a massive attack surface for cybercriminals.

The sweeping new regulations show that China's serious about hardening its own networks after launching widespread attacks on global networks.