darkreading

Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.

Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.

The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.

The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around software-as-a-service sprawl and shadow IT.

Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.

The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.

The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.

The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.

We can't put defense on hold until Inauguration Day.

The deal adds Phylum's technology for malicious package analysis, detection, and mitigation to Veracode's software composition analysis portfolio.

Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.

These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.

A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.

The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.

New security regulations are more than compliance hurdles — they're opportunities to build better products, restore trust, and lead the next chapter of innovation.

In just two years, LLMs have become standard for developers — and non-developers — to generate code, but companies still need to improve security processes to reduce software vulnerabilities.

Weeks after the critical vulnerability was reported and a hacking of the Treasury Department, nearly 9,000 BeyondTrust instances remain wide open to the Internet, researchers say — though it's impossible to tell how many are still vulnerable.

Healthcare organizations of all shapes and sizes will be held to a stricter standard of cybersecurity starting in 2025 with new proposed rules, but not all have the budget for it.

Integrity Technology Group was found complicit with Flax Typhoon as part of a broader Chinese strategy to infiltrate the IT systems of US critical infrastructure.