darkreading

Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiply them.

Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.

Operational technology security remains as difficult as ever, with even the best practice recommendation falling short.

North Korea's gross domestic product (GDP) has grown, in part because of the nation's state-sponsored cybercrime groups, which target financial firms and other businesses.

The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.

Security research inadvertently led organizations to believe they were being breached through their ServiceNow instances.

As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?

The disgruntled researcher released yet another PoC for a Windows Defender bug that allows for system takeover, showing no signs of abandoning their ongoing feud with Microsoft.

Former National Cyber Director Chris Inglis warns that cyberattacks threaten hospitals, utilities, and essential services.

Voluminous patch updates could soon be the norm, as artificial intelligence accelerates the speed and scale of vulnerability discovery.

“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.

Two separate campaigns target CVE-2025-8088, fixed last July, to conduct data theft and cyberespionage against military and government targets in Ukraine.

AI-generated content threatens credibility in cybersecurity. This "Ask the Expert" column explores why human oversight matters and how to maintain authentic narratives.

The financially motivated group is combining vishing, IT impersonation, and in-person office intrusions to steal data and extort victims.

A newly discovered, critical zero-day vulnerability is under attack; a Qilin ransomware affiliate has been blamed for at least one incident.

An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict.