darkreading

An analysis of more than a half-million mobile apps find encryption problems, privacy issues, and known vulnerabilities in third-party code. What can users and developers do?

By focusing on prevention, education, and risk transfer through insurance, organizations — especially SMEs — can protect themselves from the rapidly escalating threats of cyberattacks.

Two kinds of attacks are in high gear: ransomware attacks against OEMs and compromised electric vehicle chargers, according to data from Q1 2025.

Recently added artificial intelligence capabilities on the Chinese-language Darcula phishing-as-a-service platform make phishing attacks easy for even the least technical hackers.

The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.

By simulating business environments or running software, while incorporating real-time data from production systems, companies can model the impact of software updates, exploits, or disruptions.

Though already patched, the vulnerability is especially problematic because of the highly privileged access it offers to business-critical systems, sensitive data, and backups for attackers.

Researchers at security vendor Cleafy detailed a malware known as "SuperCard X" that uses the NFC reader on a victim's own phone to steal credit card funds instantly.

Fraudsters are targeting high-turnover workforces and compromising accounts that are associated with frequent payouts.

The losses are 33% higher than the year before, with phishing leading the way as the most-reported cybercrime last year, and ransomware was the top threat to critical infrastructure, according to the FBI Internet Crime Report.

By proactively embracing emerging trends around encryption, AI security, and platform consolidation, organizations can turn compliance burdens into competitive advantage.

The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar.

In the latest "Secure Future Initiative" progress report, Microsoft describes efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new Secure by Design UX Toolkit.

Secureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses.

Verizon's "2025 Data Breach Investigations Report" highlights dire — but not new — trends in the education sector, where faculty and staff continue to fall for social engineering campaigns and make simple security errors.

M&S has launched an investigation and said some customer operations are impacted.

Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.

Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they've been hacked.

Scalable, effective — and best of all, free — securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.