darkreading

It's polite to listen to advice that people are willing to share, but not all of it will be useful for you. Here's how to separate the wheat from the chaff.

Attackers abuse concatenation, a method that involves appending multiple zip archives into a single file, to deliver a variant of the SmokeLoader Trojan hidden in malicious attachments delivered via phishing.

Meta has maintained that Facebook did not mislead investors by not including mention of the Cambridge Analytica scandal in its forward-looking risk disclosures, but the plaintiffs say it was a glaring omission.

Companies and organizations need to recognize the importance of investing in engineers who possess both the soft and hard skills required to secure open source software effectively.

Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them, too, but here's why defenders may retain the edge.

Direct cyberattacks on vehicles are all but unheard of. In theory, though, the opportunity is there to cause real damage — data extraction, full system compromise, even gaining access to safety-critical systems.

It remains unclear how the attackers gained access to Newpark Resources' system, or what they plan to do with any stolen data the strike may have spewed out.

The European Union's Digital Operational Resilience Act requires financial entities to focus on third-party risk, resilience, and testing.

The journey toward a successful DevSecOps implementation is complex, requiring a strategic approach to overcome the myriad challenges it presents.

Chinese APT groups increasingly lean on open source platform SoftEther VPN for network access. Now they're lending their know-how to Iranian counterparts.

Questions remain over what a corporate ban will achieve, since Canadians will still be able to use the app.

Though Cisco reports of no known malicious exploitation attempts, but thanks to a CVSS 10 out of 10 security vulnerability (CVE-2024-20418) three of its wireless access points are vulnerable to remote, unauthenticated cyberattacks.

The malware combines a miner and data stealer, and it packs functions that make detection and mitigation a challenge.

While training and credentialing organizations continue to talk about a "gap" in skilled cybersecurity workers, demand — especially for entry-level workers — has plateaued, spurring criticism of the latest rosy stats that seem to support a hot market for qualified cyber pros.

It's unclear what the threat actors have against this particular breed of cat, but it's taking down the kitty's enthusiasts with SEO-poisoned links and malware payloads.

Establishing realistic, practitioner-driven processes prevents employee burnout, standardizes experiences, and closes many of the gaps exposed by repeated one-offs.

The company comes out of stealth with a tool that integrates directly into the developer's IDE to find flaws, offer remediation advice, and training materials to write secure code.