darkreading

In the end, the question isn't whether large language models will ever forget — it's how we'll develop the tools and systems to do so effectively and ethically.

Fortanix is implementing post-quantum cryptographic algorithms in its security suite to protect against future attacks.

Attackers are using a novel malware that takes on different file names each time it's deployed; it also boasts an anti-removal mechanism to target universities and government offices.

Addressing the complexities of session management in multi-IDP environments, the protocol offers a pathway to real-time security, proactive risk mitigation, and enhanced user trust.

The fake websites trick users into downloading and running malware that searches for personal information, especially anything related to cryptocurrency.

The threat actors are exploiting noninteractive sign-ins, an authentication feature that security teams don't typically monitor.

In the wrong hands, the popular red-teaming tool can be made to access networks, escalate privileges, conduct reconnaissance, and disguise malicious activity as a simulated exercise.

Cyberattackers believed to be affiliated with the state-sponsored threat group pulled off the largest crypto heist reported to date, stealing $1.5 billion from exchange Bybit. It was carried out by interfering with a routine transfer between wallets.

No matter the strategy, companies must approach securing unmanaged devices with sensitivity and respect for employee privacy.

Nearly a third of organizations have an operational system connected to the Internet with a known exploited vulnerability, as attacks by state and non-state actors increase.

Standard SecOps training is no longer enough to tackle modern cybersecurity challenges. People need to develop nontraditional skills.

A patch bypass for a bug in the popular desktop emulator enables root-level privilege escalation and has no fix in sight.

This move comes less than a year after the United States banned Kaspersky products, out of the same fear that the company is under Russian government control.

Evolving threats and hybrid identity challenges keep Microsoft's Active Directory at risk.

Confirmation by South Korea's data protection agency that the AI chatbot sent data to TikTok's Chinese parent company has spurred a ban in that nation, and is again is calling into question DeepSeek's safety.

A new streaming series about a catastrophic, nationwide cyberattack against US critical infrastructure is about as believable as its main character: an honest, bipartisan, universally beloved politician.

Only by addressing the inefficiencies of current naming conventions can we create a safer, more resilient landscape for all defenders.

Thai police said it was expecting to soon welcome 7,000 human trafficking victims, forced to work on cybercrime scams in call centers in Mynmar, in a first wave of people being freed from captivity.

One of 2024's most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama.

In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.