darkreading

As CISOs take a seat at the boardroom table, the focus shifts from stacking security tools to driving accountability, efficiency, and strategic risk management.

The threat actor, of unknown origin, is deploying a proprietary backdoor malware known as "Sagerunex" against critical infrastructure in Hong Kong, Philippines, Taiwan, and Vietnam.

The nation-state threat group has been breaching providers of remote management tools, identity management providers, and other IT companies to access networks of targeted entities, according to Microsoft.

The new cloud security startup uses AI to scan cloud applications and systems for issues before they are deployed.

The chipmakers patched bugs, mostly critical and high severity, that affect everything from smartphones to TVs to artificial intelligence platforms.

The Iran-linked nation-state group made its debut with a stealthy, sophisticated, and laser-focused cyber-espionage attack on targets in UAE.

The letters mimic typical ransom notes and threaten to delete or leak compromised data if payments aren't made, though none of the organizations that received them had active ransomware attacks.

Many CISOs are weighing the benefits of going virtual as a consultant. Can the pendulum swing in the other direction?

The future of the formerly fearsome cybercriminal group remains uncertain as key members have moved to a new affiliation, in fresh attacks that use novel persistence malware BackConnect.

A global report published by the World Economic Forum points to a new "world order characterized by greater instability, polarizing narratives, eroding trust, and insecurity.

The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.

Palo Alto Networks' Unit 42 details how a threat actor is dodging detection with careful targeting and the use of Amazon's native email tools.

Amnesty International said Serbian police used an exploit chain in tandem with a legitimate mobile extraction dongle from vendor Cellebrite in an attack that brings up questions around ethical technology development.

The $215 million acquisition will allow Jamf to offer dynamic identity capabilities and device access in a single platform.

Fraudulent IT workers are looking for engineering and developer positions in the US and Japan, and this time it's not about espionage.

Media reports over the weekend suggested the Trump administration ordered US Cyber Command and CISA to draw down cyber activities targeting Russia.