darkreading

The threat group has a variety of tactics in its toolbox, including double extortion and ransomware-as-a-service.

The UK's Southern Water has been forced to shell out millions due to a Black Basta cyberattack, and it has come to light that the total could include a ransom payment.

There's an untapped universe of exploitable drivers in the wild today. By exploiting just one of them, attackers were able to defeat security tools and infect Asian citizens with Gh0stRAT.

Feeling creative? Have something to say about cybersecurity? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

In the end, the question isn't whether large language models will ever forget — it's how we'll develop the tools and systems to do so effectively and ethically.

Fortanix is implementing post-quantum cryptographic algorithms in its security suite to protect against future attacks.

Attackers are using a novel malware that takes on different file names each time it's deployed; it also boasts an anti-removal mechanism to target universities and government offices.

Addressing the complexities of session management in multi-IDP environments, the protocol offers a pathway to real-time security, proactive risk mitigation, and enhanced user trust.

The fake websites trick users into downloading and running malware that searches for personal information, especially anything related to cryptocurrency.

The threat actors are exploiting noninteractive sign-ins, an authentication feature that security teams don't typically monitor.

In the wrong hands, the popular red-teaming tool can be made to access networks, escalate privileges, conduct reconnaissance, and disguise malicious activity as a simulated exercise.

Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets.

No matter the strategy, companies must approach securing unmanaged devices with sensitivity and respect for employee privacy.

Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase.

Standard SecOps training is no longer enough to tackle modern cybersecurity challenges. People need to develop nontraditional skills.

A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.

This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.

Evolving threats and hybrid identity challenges keep Microsoft's Active Directory at risk.

Confirmation by South Korea's data protection agency that the AI chatbot sent data to TikTok's Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek's safety.

A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician.