darkreading

Security programs trust AI data files, but they shouldn't: they can conceal malware more stealthily than most file types.

Two massive technical outages over the past year underscore the need for cybersecurity teams to consider how to recover safely from disruptions without creating new security risks.

Ravin Academy, a school for the Iranian state hackers of tomorrow, has itself, ironically, been hacked.

The emergence of Data Security Posture Management (DSPM) in early 2023, followed by major acquisitions by companies like IBM, Thales, and Palo Alto Networks, demonstrates industry recognition of the need for a more holistic approach to data protection.

In the "PhantomRaven" campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86,000 downloads.

New research shows AI crawlers like Perplexity, Atlas, and ChatGPT are surprisingly easy to fool.

A subsidiary of Japanese marketing and PR giant Dentsu lost sensitive data to unidentified threat actors, the parent company said.

Firms using Azure infrastructure gained a reprieve from a security-focused switch that could have broken apps that relied on public Internet access.

Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength.

The best security training programs build strong security culture by focusing on high-risk groups, including developers, executives, and finance pros.

Africa becomes a proving ground for AI-driven phishing, deepfakes, and impersonation, with attackers testing techniques against governments and enterprises.

Development teams that fail to create processes around AI-generated code face more technical and security debt as vulnerabilities get replicated.

Security analyst Michael Robinson spent 14 months mining thousands of legal filings to uncover who malicious insiders really are, how they operate, and why traditional detection models keep missing them.

Myke Lyons, CISO at data-processing SaaS company Cribl, shares how he cooked up an unconventional journey from culinary school to cybersecurity leadership.

Security teams invest in AI for automated remediation but hesitate to trust it fully due to fears of unintended consequences and lack of transparency.

The malware operation uses compromised accounts and bot networks to distribute infostealers and has tripled its output in 2025.

Numerous organizations have been attacked via Oracle EBS zero-day CVE-2025-61882, and evidence suggests more like Schneider Electric could be on that list.

Two campaigns targeting fintech execs and Web3 developers show the APT going cross-platform in financially motivated campaigns that use fake business collaboration and job recruitment lures.

A Morocco-based gift card fraud campaign is a sign of what retailers can expect this holiday season.

While investigating the cyberattacks, researchers uncovered a new spyware product from Memento Labs, the successor to the infamous Hacking Team.