darkreading

Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.

The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.

New research reveals that a malicious traffic distribution system (TDS) is run not by "hackers in hoodies," but by a series of corporations operating in the commercial digital advertising industry.

Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.

Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.

The ultimate goal of CMMC 3.0 is not just compliance — it's resilience.

The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.

Against the backdrop of the artificial intelligence surge, most African organizations have some form of cybersecurity awareness training but fail to test frequently and don't trust the results.

A trio of startup founders — GreyNoise's Andrew Morris, Thinkst Canary's Haroon Meer, and runZero's HD Moore — agree that raising venture capital funding can be beneficial, but a company's success depends on how well the product fits customer needs.

The jewelry retailer is warning customers that their data can and might be used maliciously.

A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code execution.

The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers.

While the cybercrime underground has professionalized and become more organized in recent years, threat actors are, to a great extent, still using the same attack methods today as they were in 2020.

In a conversation with Dark Reading's Terry Sweeney, Lauren Miskelly from Google explains that Chrome Enterprise is the same Chrome browser that consumers use, but with additional enterprise-grade controls, reporting capabilities, and administrative features.

Chainguard provides DevSecOps teams with a library of "secure-by-default" container images so that they don't have to worry about software supply chain vulnerabilities. The startup is expanding its focus to include Java and Linux, as well.

The flaws in the company's Triton Inference Server enables model theft, data leaks, and response manipulation.

The grants are intended to help states, tribes, and localities enhance their cybersecurity resilience by providing them with monetary resources to reduce risks and implement new procedures.

Not only are attacks against macOS users ramping up, but threat actors have proved to be advanced with deepfake technology. Security awareness training may be the best defense.

From "eCrime" actors to fake IT tech workers, CrowdStrike researchers found that adversaries are using AI to enhance their offensive cyber operations.