darkreading

Researchers flagged a pair of Gallup site XSS vulnerabilities.

Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account.

A PRC threat cluster known as "Crimson Palace" is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain.

It takes more than technical knowledge to write about cybersecurity in a way people want to read. It takes creativity, discipline, and other key skills.

CISA has added CVE-2024-40766 to its Known Exploited Vulnerabilities catalog.

Though the company reports that data was exfiltrated in the breach, it has been remained tightlipped regarding the kind of data that was exposed.

Endpoint security has been around for decades, but changes in device use and the quick evolution of new attacks have triggered the development of new security techniques.

The Chinese-speaking group is launching sophisticated malware towards military and satellite targets globally.

In the past, Putin's Unit 29155 has utilized malware like WhisperGate to target organizations, particularly those in Ukraine.

The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.

Vendors of mercenary spyware tools used by nation-states to track citizens and enemies have gotten savvy about evading efforts to limit their use.

The Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.

The funds from Germany's Sovereign Tech Fund will be used to integrate zero-trust capabilities, tools for software bill of materials, and other security features.

No organization can single-handedly defend against sophisticated attacks. Governments and private sector entities need to collaborate, share information, and develop defenses against cyber threats

New threats, an overburdened workforce, and regulatory pressures mean cloud service providers need a more resilient model than the shared responsibility framework. That's where "shared fate" comes in.

Retail employees are being duped into divulging their credentials by typosquatting malvertisements.

In the past, the group has targeted different sectors in East and Southeast Asia, but recently has pivoted its focus to the Middle East, specifically to entities that publish human rights studies.