darkreading

In the past, the vulnerability was exploited to drop Mirai botnet malware. Today, it's being used once more for another botnet campaign with its own malware.

To truly become indispensable in the boardroom, CISOs need to meet the dual demands of defending against sophisticated adversaries while leading resilience strategies.

The number of zero-day vulnerabilities getting patched in Microsoft's March update is the company's second-largest ever.

Plankey has served in numerous cybersecurity positions in the past, including during the first Trump presidency from 2018-2020.

A Libya-linked threat actor has resurfaced attacking the Middle East and North Africa, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.

While deregulation may open opportunities for growth and innovation, it also creates new risks that demand a proactive, accountable approach to security.

Analysts weigh in on how democratizing cybersecurity could benefit organizations, particularly SMBs, as threats increase across the landscape.

An email campaign luring users with offers of free President Trump meme coins can lead to computer takeover via the ConnectWise RAT, in less than 2 minutes.

The likely India-based threat group is also targeting logistics companies in a continued expansion of its activities.

The program underwent a series of changes in the past year, including richer maximum rewards in a variety of bug categories.

The South American-based advanced persistent threat group is using an exploit with a "high infection rate," according to research from Check Point.

Clandestine kill switch was designed to lock out other users if the developer's account in the company's Windows Active Directory was ever disabled.

In the battle against two-minute micro-attacks that can knock out critical communication services, the difference between success and failure can literally come down to seconds.

Microsoft has identified a complex, malvertising-based attack chain that delivered Lumma and other infostealers to enterprise and consumer PC users; the campaign is unlikely the last of its kind.

The group is using the Medusa malware and taking up space once held by other notable ransomware groups like LockBot, increasing its victim list to 400 and demanding astoundingly high ransoms.

Manufacturers and infrastructure providers are gaining options to satisfy regulations and boost cyber safety for embedded and industrial control systems, as EMB3D, STRIDE, and ATT&CK for ICS gain traction.

With hundreds of artificial intelligence models found harboring malicious code, cybersecurity firms are releasing technology to help companies manage their AI development and deployment efforts.

Fortra, Microsoft, and Health-ISAC have combined forces to claw back one of hackers' most prized attack tools, with massive takedowns.

More than 41,000 ESXi instances remain vulnerable to a critical VMware vulnerability, one of three that Broadcom disclosed earlier this week.

The pair found a loophole through StubHub's services, allowing them to steal tickets and resell them for personal profit, amassing hundreds of thousands of dollars.