Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance […]

2.5 million people were affected, in a breach that could spell more trouble down the line. Source: https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Recent supply chain attacks involving self-propagating worms have spread far, but the damage and long-term impact is hard to quantify.

The Electronic Frontier Foundation is urging major technology companies to follow through on their promises to implement end-to-end encryption (E2E)

Ask the Expert: Organizations need to close the ownership vacuum, establish durable security controls, and ensure printers are protected as

Source: https://www.darkreading.com/events/shields-up-key-technologies-reshaping-cybersecurity-defenses

Researchers discovered a newly disclosed vulnerable driver embedded in Reynolds’ ransomware, illustrating the increasing popularity of the defense-evasion technique. Source:

The threat actor has been compromising cloud environments at scale with automated worm-like attacks on exposed services and interfaces. Source:

The ransomware group breached SmarterTools through a vulnerability in the company’s own SmarterMail product. Source: https://www.darkreading.com/application-security/warlock-gang-breaches-smartertools-smartermail-bugs

The acquisition allows the credit reporting agency to add SMS spam and scam prevention to its robocall blocking capabilities. Source:

Ironically, security by obscurity has helped prevent dangerous OT attacks in recent years. It won’t be that way forever. Source:

Three of those zero-days are security feature bypass flaws, which give attackers a way to slip past built-in protections in

With access to SIM, location data, and a preview of recent SMSes, attackers have everything they need for account takeover

Organizations that have exposed their instances of Web Help Desk to the public Internet have inadvertently made them prime targets

Only Taiwan made the top 10 list of governments, effectively blocking the threat-ridden protocol, but overall, the region lagged in

Organizations can improve their climate footprints by optimizing two specific cybersecurity protections, without incurring added risks. Source: https://www.darkreading.com/application-security/cyber-industry-defenses-co2-emissions

Organizations remain reluctant to address the fact that AI can dangerously expose business operations as well as personal data. Source:

How a platform engineering team embeds supply chain security into infrastructure without slowing developers. Source: https://www.darkreading.com/application-security/automaker-secures-supply-chain-developer-friendly-platform

CISOs should focus on harnessing and securing AI and building new skills among their people. Vision and change management can

In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms,

Green Blood Group steals personal records and biometric data of the West African nation’s nearly 20 million residents. Source: https://www.darkreading.com/cyberattacks-data-breaches/hackers-breach-senegal-national-biometric-database

Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull

Men should take extra care on Valentine’s Day because they are nearly twice as likely as women to fall victim

Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets,

The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes. Source: https://www.darkreading.com/endpoint-security/booz-allen-announces-general-availability-vellox-reverser

It’s time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert

As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified

Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to

Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may

Zscaler’s acquisition of SquareX comes as competitors like CrowdStrike and Palo Alto Networks also invest in secure browser technologies. Source: