darkreading

The Russia-backed threat actor's latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed.

The operation took down a massive SIM card fraud network that provided fake phone numbers from more than 80 countries to criminals.

If an employee's phone connects to their car and then their corporate network, an attack against the car can reach the company.

Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed a recent zero-day flaw, Andrew argues.

"FD-SOI" makes hardware attacks on silicon chips more difficult. And, researchers argue, it'll help OEMs with regulatory compliance.

The sophisticated worm — which uses invisible code to steal credentials and turn developer systems into criminal proxies — has so far infected nearly 36k machines.

Aliyu Ibrahim Usman, founder of the Cyber Cadet Academy in Nigeria, shares his passion for raising cybersecurity awareness in the wake of mounting security concerns worldwide.

Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks.

The shared responsibility model of data security, familiar from cloud deployments, is key to agentic services, but cybersecurity teams and corporate users often struggle with awareness and managing that risk.

AI interactions are becoming one of the most revealing records of human thinking, and we're only beginning to understand what that means for law enforcement, accountability, and privacy.

Be aware: a rash of phishing campaigns are leveraging the anxiety and trust employees have in password vaults securing all of their credentials.

Researchers discovered more than 550 unique secrets exposed in Visual Studio Code marketplaces, prompting Microsoft to bolster security measures.

AI might help some threat actors in certain respects, but one group is proving that its use for cyberattacks has its limits.

The deal, which builds on LevelBlue's recent acquisition of Trustwave and Aon, aims to provide customers with a broad portfolio of extended detection and response, managed detection and response, and forensic services.

The cyber-espionage group has been using sophisticated custom tools to target government and diplomatic entities in South Asia since early 2025.

F5 disclosed a breach this week that included zero-day bugs, source code, and some customer information.

The Clop ransomware group claimed responsibility for stealing the university's data as part of a broader campaign against Oracle customers.

Organizations across the continent saw 10% fewer attacks in September, but Africa remains the most attacked region in the world, leading the Global South.

October 2025's enormous Patch Tuesday offers plenty of nightmares for admins, including actively exploited zero-days and insidious high-severity privilege-escalation bugs — and it spells curtains for Windows 10 updates.