darkreading

Cybercriminals are flocking to take part in the newly inflamed fight between India and Pakistan.

The voluntary Software Security Code of Practice is the latest initiative to come out of the United Kingdom to boost best practices in application security and software development.

Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.

On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.

The security researcher who questioned the effectiveness of a patch for recently disclosed bug in Commvault Command Center did not test patched version, the company says.

The investigation is ongoing, but the VC giant intends to inform affected customers on a rolling basis as more of the breach details come to light.

Your ultimate goal shouldn't be security perfection — it should be making exploitation of your organization unprofitable.

Three vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild.

Cyber-insurance carrier Coalition said business email compromise and funds transfer fraud accounted for 60% of claims in 2024.

Four different countries, including the United States and Germany, were included in the latest international operation alongside Europol's support.

Despite all MITRE has done for cybersecurity, it is clear we should not wait 11 months to discuss the future of the CVE database. It's simply too important for that.

The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed.

Japan is being peppered with an overwhelming volume of spam, thanks to a new platform popular across the East China Sea.

Microsoft researchers identify 10 new potential pitfalls for companies that are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider.

The 15th annual event helps countries test and develop defenses against current and emerging cyber threats, including disinformation, quantum computing, and AI.

European regulators sent an unmistakable message about messing around with GDPR-protected data. How can organizations avoid similar compliance hassles?

The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.