darkreading

The newspaper company expects the investigation to take some time, but said in an SEC filing that it has not yet identified any material impact.

Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.

The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.

Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.

Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.

A year after Google and Yahoo started requiring DMARC, the adoption rate of the email authentication specification has doubled; and yet, 87% of domains remain unprotected.

As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important.

Local law enforcements need to steer away from "place-based policing" when investigating cybercrimes.

Cybereason co-founders launch their second act with a security startup focused on offering a platform that uses agentic AI to offload repetitive tasks commonly performed by security analysts.

OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.

While President Trump supported federal space efforts during his first administration, the addition of SpaceX chief Elon Musk to his circle likely means challenges for regulating spacecraft cybersecurity, experts say.

Riding the wave of notoriety from the Chinese company's R1 AT chatbot, attackers are spinning up lookalike sites for different malicious use cases.

CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.

When it comes to protecting your company from cyberattacks, you don't have to be the fastest gazelle — you just can't afford to be the slowest.

Cheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.