The anti-fraud plan calls for companies to create a pipeline for compiling attack information, along with formal processes to disseminate that intelligence across business groups.
New analysis says law enforcement efforts against Russian-language ransomware-as-a-service (RaaS) infrastructure helped consolidate influence behind BlackBasta, but some experts aren't so sure the brand means that much.
In a "new class of attack," the Russian APT breached a target in Washington, DC, by credential-stuffing wireless networks in close proximity to it and daisy-chaining a vector together in a resourceful and creative way, according to researchers.
Diversity isn't just an issue of fairness — it's about operational excellence and ensuring we have the best possible teams defending our national security.
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.
A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, which could have dangerous consequences.
At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens.
Secure by Demand offers a starting point for third-party risk management teams, but they need to take the essential step of using a mature software supply chain security solution to ensure they're not blindly trusting a provider's software.
The scale of Beijing's systematic tapping of private industry and universities to build up its formidable hacking and cyber-warfare capabilities is larger than previously understood.
Building on its broad security portfolio, Microsoft's new exposure management is now available in the Microsoft Defender portal, with third-party connectors on the way.
In addition to XSS, MITRE and CISA's 2024 list of the 25 most dangerous security vulnerability types (CWEs) also flagged out-of-bounds write, SQL injection, CSRF, and path traversal.