darkreading

Gutting CISA won't just lose us a partner. It will lose us momentum. And in this game, that's when things break.

This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI's capabilities.

A panelist of SANS Institute leaders detailed current threats and provided actionable steps for enterprises to consider.

Real IDs have been in the works since 2005. Are their security standards still rigorous enough in 2025?

Microsoft has set May 5 as the deadline for bulk email compliance. In this Tech Tip, we show how organizations can still make the deadline.

Organizations are underestimating the advanced technology's risks to the software supply chain, according to a new LevelBlue report.

How one unreasonable client got lucky during a cyber incident, despite their unreasonable response to the threat.

Microsoft's David Weston describes the new feature as the most significant architectural Windows security change in a generation.

Russia's cyberattacks on Ukraine have increased dramatically, targeting the country's government and defense infrastructure.

The China-linked cyber-operations group, better known as Lotus Panda, uses its own custom malware to focus on government agencies and private companies in Hong Kong, the Philippines, Taiwan, and Vietnam.

Cisco joins the agentic AI wave with the introduction of advanced LLMs to autonomously verify and investigate attacks.

The chat infrastructure and data-leak site of the notorious ransomware-as-a-service group has been inactive since March 31, according to security vendors.

Jen Easterly, former director of CISA, discussed the first 100 days of the second Trump administration and criticized the president's "mandate for loyalty" during a panel at RSAC 2025.

While nation-state actors are demonstrating how easily they can infiltrate US networks, government officials don't seem to have a clear vision for what comes next.

A SLAAC-spoofing, adversary-in-the-middle campaign is hiding the WizardNet backdoor malware inside updates for legitimate software and popular applications.

Dan Gorecki and Scott Brammer's interactive session during RSAC Conference 2025 encouraged security professionals to rethink their security postures and address evolving and emerging risks.

Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal's national airline in a campaign offering compensation for delayed or disrupted flights.

Secretary Noem asks the cybersecurity community to get in touch with CISA to help reshape the agency to focus on finding efficiencies.

Leaders at federal research organizations DARPA, ARPA-I, and ARPA-H discussed the myriad obstacles in addressing critical infrastructure security at RSAC Conference 2025.

Thousands of automatic tank gauge (ATG) devices are accessible over the Internet and are just "a packet away" from compromise, security researcher warns at 2025 RSAC Conference.