darkreading

The security researcher who notified the media of the breach will be free from the city's lawsuit, but not without a caveat.

The bug affected accounts with 52-character user names, and had several pre-conditions that needed to be met in order to be exploited.

Companies are attaching the artificial intelligence term to everything these days, but in cybersecurity, machine learning is more than hype.

As businesses worry over deepfake scams and other AI attacks, organizations are adding guidance for cybersecurity teams on how to detect, and respond to, next-generation threats. That includes Exabeam, which was recently targeted by a deepfaked job candidate.

A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

The true measure of our cybersecurity prowess lies in our capacity to endure.

The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.

The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.

OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.

The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.

Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.

Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.

As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.

When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.

"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.

The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.

The 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders' favor?