darkreading

A new security framework responds to a shift in attackers' tactics, one that allows them to infiltrate enterprises "silently" through their own policies.

Automation is rewriting early-career cybersecurity work, raising urgent questions about how the next generation of security professionals will gain real-world expertise.

The US national cyber director describes the next cyber strategy as focusing "on shaping adversary behavior," adding consequences and aggressive response.

The regime's cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives.

A Formula 1 pit crew demonstrates the basic principles of how modern security teams should work.

Dark Reading Confidential Episode 12: Experts help cyber job seekers get noticed, make an argument for a need to return to the hacker ethos of a bygone era, and have a stark conversation about keeping AI from breaking the sector's talent pipeline for years to come.

A unique take on the software update gambit has allowed Beijing's state-sponsored advanced persistent threat (APT) to evade attention as it mostly targets Chinese organizations.

Have you ever given two seconds of thought to a browser notification? No? That's what hackers bent on phishing are counting on.

Editors from Dark Reading, Cybersecurity Dive, and TechTarget Search Security break down the depressing state of cybersecurity awareness campaigns and how organizations can overcome basic struggles with password hygiene and phishing attacks.

The infostealer specifically targets Brazilian Portuguese speakers and combines malware designed to phish banking credentials and steal data, a worm, and some uniquely Brazilian quirks.

A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.

When international corporations have to balance competing cyber laws from different countries, the result is fragmented, potentially vulnerable systems.

Researcher shows how agentic AI is vulnerable to hijacking to subvert an agent's goals and how agent interaction can be altered to compromise whole networks.

Initially though to be a DDoS attack, the incident was actually due to a routine change in permissions that caused widespread software failure.

It only takes recycled cans, copper, and cheap gadgets off the Web to trick a train conductor into doing something dangerous.

The collaborative effort combines multiple federal departments, along with private companies to reduce, if not eliminate, billions lost annually to fraud.

IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they're protected by security software or not online.

As vulnerabilities in the Common Vulnerabilities and Exposures ecosystem pile up, one Black Hat Europe presenter hopes for a global, distributed alternative.

Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia.

Free the logs! Behind the scenes at InfluxData, which turned to its own in-house security monitoring platform, DiSCO, to protect its supply chain after its third-party tool was breached.