darkreading

The CVSS 9.8 authentication bypass in Ivanti's traffic manager admin panel already has a proof-of-concept (PoC) exploit lurking in the wild.

Privilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers’ resources.

Earth Baku, yet another subgroup of the highly active and increasingly sophisticated collective, is moving into EMEA with new malware and living-off-the-land (LotL) tactics.

Computer infrastructure in the US, UK, and Germany associated with the cybercriminal group, which targeted SMBs using double extortion, is officially out of commission.

AI's proficiency at creating software code won't put developers out of a job, but the job will change to one focused on security, collaboration, and "mentoring" AI models.

The Defense Advanced Research Projects Agency launches TRACTOR program to work with university and industry researchers on creating a translation system that can turn C code into secure, idiomatic Rust code.

CrowdStrike's president and CEO were both at Black Hat and DEF CON to face direct questions from customers and cybersecurity professionals.

The treaty would allow any country to request technology firms to aid in cybercrime investigations and preserve data about their users — potentially imperiling penetration testers and security researchers, among others.

The vulnerability has been around for nearly 20 years and gives sophisticated attackers a way to bury virtually undetectable bootkits on devices with EPYC and Ryzen microprocessors.

More than 100 Ukrainian government devices have been affected by the threat that is being tracked as UAC-0198.

A quick and easy exploit for crashing Windows computers has no fix yet nor really any way to mitigate its effects.

The recent outage highlights the critical importance of adhering to established processes and governance frameworks.

US citizens play middleman between US companies and the North Korean government agents they unwittingly hire.

The American Hospital Association and Health-ISAC issued a joint threat bulletin warning healthcare IT providers that their ransomware plans need to consider third-party risk.

The weaknesses gave attackers an avenue to take over millions of photovoltaic devices connected to Solarman and Deye's cloud-hosted management systems.