darkreading

Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.

Program designed to validate and sharpen cybersecurity skills for working professionals.

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target.

Arctic Wolf plans to integrate Cylance's endpoint detection and response (EDR) technology into its extended detection and response (XDR) platform.

Artificial intelligence capabilities are coming to a desktop near you — with Microsoft 365 Copilot, Google Gemini with Project Jarvis, and Apple Intelligence all arriving (or having arrived). But what are the risks?

While low-code/no-code tools can speed up application development, sometimes it's worth taking a slower approach for a safer product.

The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment.

A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning.

Defenders running the Cleo managed file transfer are urged to be on the lookout for the Cleopatra backdoor and other indicators of an ongoing ransomware campaign, as patching details remain foggy, and no CVE has been issued.

Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security.

A new side-channel attack method is a computationally practical way to infer the structure of a convolutional neural network — meaning that cyberattackers or rival companies can plagiarize AI models and take their data for themselves.

Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition takes place in the world of Santa, elves, and Christmas mayhem.

As the adoption of LCNC grows, so will the complexity of the threats organizations face.

A sophisticated social engineering cybercrime campaign bent on financial gain was observed being run from Tencent servers in Singapore.

Under the program, HITRUST-certified organizations gain access to exclusive coverage and rates.

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.