darkreading

The true measure of our cybersecurity prowess lies in our capacity to endure.

The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.

The Recall AI tool will be available to Copilot+ PC subscribers in December, and can be used to record images of every interaction on the device for review later. Critics say this introduces major privacy and security concerns along with useful functionality.

OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.

The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.

Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.

Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.

As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.

When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.

"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.

The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.

The 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders' favor?

Chinese APTs lurked in Canadian government networks for five years — and that's just one among a whole host of threats from Chinese bad actors.

The prominent state-sponsored advanced persistent threat (APT), aka Jumpy Pisces, appears to be moving away from its primary cyber-espionage motives and toward wreaking widespread disruption and damage.

Application security teams from Fortune 500 companies are already using Noma's life cycle platform, which offers organizations data and AI supply chain security, AI security posture management, and AI threat detection and response.

Knee-jerk reactions to major vendor outages could do more harm than good.

On the heels of a Chinese APT eavesdropping on phone calls made by Trump and Harris campaign staffers, Beijing says foreign nations have mounted an extensive seafaring espionage effort.

Despite the absence of laws specifically covering AI-based attacks, regulators can use existing rules around fraud and deceptive business practices.