darkreading

The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.

Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.

Factory automation software from Mitsubishi Electric and Rockwell Automation could be subject to remote code execution (RCE), denial-of-service (DoS), and more.

As organizations centralize IT security, the risk of espionage is silently becoming a more profitable threat.

When a CISO can articulate risk in context to the business as a whole, development teams can better prioritize their activities.

"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.

The threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.

The 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders' favor?

Chinese APTs lurked in Canadian government networks for five years — and that's just one among a whole host of threats from Chinese bad actors.

The prominent state-sponsored advanced persistent threat (APT), aka Jumpy Pisces, appears to be moving away from its primary cyber-espionage motives and toward wreaking widespread disruption and damage.

Application security teams from Fortune 500 companies are already using Noma's life cycle platform, which offers organizations data and AI supply chain security, AI security posture management, and AI threat detection and response.

Knee-jerk reactions to major vendor outages could do more harm than good.

On the heels of a Chinese APT eavesdropping on phone calls made by Trump and Harris campaign staffers, Beijing says foreign nations have mounted an extensive seafaring espionage effort.

Despite the absence of laws specifically covering AI-based attacks, regulators can use existing rules around fraud and deceptive business practices.

The company's data loss prevention platform helps customers identify and classify data across SaaS and GenAI applications, endpoints, and email.

A national security memorandum on artificial intelligence tasks various federal agencies with securing the AI supply chain from potential cyberattacks and disseminating timely threat information about them.

The Russian-backed group is using a novel access vector to harvest victim data and compromise devices in a large-scale intelligence-gathering operation.

In a vengeful move against the happiest place on Earth, the former employee allegedly used his old credentials to make potentially deadly changes.