darkreading

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.

These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.

The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers.

This latest breach was through Zendesk, a customer service platform that the organization uses.

The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.

The future of application security is no longer about reacting to the inevitable — it's about anticipating and preventing attacks before they can cause damage.

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety.

Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.

Adoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.

The security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.

A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.

This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.

Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.

The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.

Days after facing a major breach, the site is still struggling to get fully back on its feet.