darkreading

The infostealer was delivered via CVE-2026-48558, a critical authentication bypass vulnerability in SimpleHelp, targeting credentials linking development and admin environments to wider enterprise systems.

One critical vulnerability, among many discovered by a researcher, could have allowed anyone to walk in and take over a national government portal.

Does life feel Orwellian sometimes? One researcher has a solution for you: graphic tees that confuse the neural networks in surveillance cameras.

Nation-state attackers breach water systems through weak passwords, exposed PLCs, and poor segmentation — not sophisticated malware.

Adversaries could plant a malicious repository that can execute arbitrary code and steal cloud credentials by exploiting the vulnerability, which showcases growing MCP risk.

Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.

Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.

Cisco joins a growing list of security platform providers that are betting that securing the agentic workforce means turning identity into the primary control plane.

The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.

Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.

Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps.

It might be taking a bit longer than usual to respond to your submissions — here's why.

The fintech company's engineering-first application security team reengineered the process for granting system access, making it easier and more secure for developers working on their projects. Here are the lessons learned from Robinhood's experience.

The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.

The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.

Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters' Notebook video series.

With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts.

After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers.