darkreading

Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.

A year after Google and Yahoo started requiring DMARC, the adoption rate of the email authentication specification has doubled; and yet, 87% of domains remain unprotected.

As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important.

Local law enforcements need to steer away from "place-based policing" when investigating cybercrimes.

Cybereason co-founders launch their second act with a security startup focused on offering a platform that uses agentic AI to offload repetitive tasks commonly performed by security analysts.

OpenAI's latest tech can reason better than its previous models could, but not well enough to ferret out careful social engineering.

While President Trump supported federal space efforts during his first administration, the addition of SpaceX chief Elon Musk to his circle likely means challenges for regulating spacecraft cybersecurity, experts say.

Riding the wave of notoriety from the Chinese company's R1 AT chatbot, attackers are spinning up lookalike sites for different malicious use cases.

CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.

When it comes to protecting your company from cyberattacks, you don't have to be the fastest gazelle — you just can't afford to be the slowest.

Cheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters.

While probabilities may be based on subjective information, when used in an objective framework, they demonstrate an effective way to improve the value of hard decisions.

New research highlights how bad actors could abuse deleted AWS S3 buckets to create all sorts of mayhem, including a SolarWinds-style supply chain attack.

A sophisticated cyberattack campaign is targeting organizations that still rely on Active Directory Federation Services (ADFS) for authentication across applications and services.

Organizations continue to be at high risk from cybercrime in Africa, despite law enforcement takedowns of cybercriminal syndicates in Nigeria and other African nations.

Fraud groups are using cutting-edge technology to scale their operations to create fake identities and execute fraud campaigns.

The security startup's autonomous security remediation platform uses off-the-shelf large language models (LLMs) to analyze security alerts and apply the fixes.