darkreading

Despite a law enforcement sweep last May, the sophisticated downloader malware is re-emerging.

If it's exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.

Cybersecurity is not "one size fits all." Employers, recruiters, and managers need to embrace neurodiversity through inclusive hiring practices, tailored training programs, and adaptive management styles.

Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.

GoDaddy flagged a ClickFix campaign that infected 6,000 sites in a one-day period, with attackers using stolen admin credentials to distribute malware.

The persistent infostealer's latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.

There are more similarities between developing a professional athlete and developing a cybersecurity pro than you might expect.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Russia-linked hackers have taken aim at Japan, following its ramping up of military exercises with regional allies and the increase of its defense budget.

These types of "long-lived" credentials pose a risk for users across all major cloud service providers, and must meet their very timely ends, researchers say.

The networking company confirms that cyberattackers illegally accessed data belonging to some of its customers.

This latest breach was through Zendesk, a customer service platform that the organization uses.

The emergence of novel anti-detection kits for sale on the Dark Web limit the effectiveness of a Chrome browser feature that warns users that they have reached a phishing page.

The future of application security is no longer about reacting to the inevitable — it's about anticipating and preventing attacks before they can cause damage.

The "Code-on-Toast" supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.

The European Union adopted a new law setting EU-wide cybersecurity requirements for connected devices to ensure their safety.