darkreading

Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.

Even after the ransom is paid, such attacks lead to spikes in strokes and heart attacks and increased wait times for patients.

An attacker compromised one of Fortinet's most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.

A government report's criticism of the 100x metric often used to justify fixing software earlier in development fuels a growing debate over pushing responsibility for secure code onto developers.

Unauthenticated threat actors can remotely cause a denial-of-service (DoS) cyberattack within the Remote Access VPN software in Cisco's ASA and Firepower software.

The latest GenAI jailbreak technique tricks chatbots into returning restricted content by blending different prompt topics together.

Until CEOs and boards prioritize learning more about mitigating threats, organizations are leaving themselves and their businesses open to the potential for disaster.

The Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.

The North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.

The software development kit will simplify building and testing of CHERI-enabled RISC-V applications.

Operation Overload pushes dressed up Russian state propaganda with the aim of flooding the US with election disinformation.

The risk of exploitation is heightened, thanks to a proof-of-concept that's been made publicly available.

Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.

The longer we avoid reform, the further behind we'll fall in AI innovation — and the more vulnerable we'll be.

Despite a law enforcement sweep last May, the sophisticated downloader malware is re-emerging.

If it's exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.