darkreading

Sandworm (aka Seashell Blizzard) has an initial access wing called "BadPilot" that uses standard intrusion tactics to spread Russia's tendrils around the world.

When it comes to keeping patient information safe, people empowerment is just as necessary as deploying new technologies.

More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.

The analyst firm recommends defining security and governance processes while reducing friction for business stakeholders.

The combined companies will create a seamless ecosystem of trust, governance, risk, and compliance.

But there's plenty in it — including two zero-days — that need immediate attention.

The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.

The staffers were tasked with building relationships on the ground across the country in local election jurisdictions, teaching election officials tactics on mitigating cyber threats, cyber hygiene, combating misinformation and foreign influence, and more.

State-led data privacy laws and commitment to enforcement play a major factor in shoring up business data security, an analysis shows.

Salt Typhoon underscores the urgent need for organizations to rapidly adopt modern security practices to meet evolving threats.

The popular generative AI (GenAI) model allows hallucinations, easily avoidable guardrails, susceptibility to jailbreaking and malware creation requests, and more at critically high rates, researchers find.

Improvements in cyber hygiene and resiliency made it possible for victim organizations to skip paying ransom amounts in 2024.

The likely Vietnam-based threat actor has been using two zero-days in VeraCore's warehouse management software in some of its latest cyberattacks.

After claiming responsibility for the ransomware attack in 2024, the "Embargo" ransomware group posted 1.15 terabytes of stolen data to its public Tor site.

The newspaper company expects the investigation to take some time, but said in an SEC filing that it has not yet identified any material impact.

Attackers are smuggling payment card-skimming malicious code into checkout pages on Magento-based e-commerce sites by abusing the Google Tag Manager ad tool.

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.

The secret use of other people's generative AI platforms, wherein hijackers gain unauthorized access to an LLM while someone else foots the bill, is getting quicker and stealthier by the month.

Five years after a Russian APT infiltrated a software update to gain access to thousands of SolarWinds customers, the board has voted unanimously to sell at a top valuation and plans for uninterrupted operations.