darkreading

The loophole allows cyberattackers to exfiltrate company data via OpenAI's infrastructure, leaving no trace at all on enterprise systems.

Following a pandemic-era respite, financial fraud linked to synthetic identities is rising again, with firms potentially facing $3.3 billion in damages from new accounts.

Frameworks may seem daunting to implement — especially for government IT teams that may not have an abundance of resources and expertise. But beginning implementation is better than never starting.

A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets.

While the cloud vulnerability was fixed prior to disclosure, the researcher who discovered it says it could have led to catastrophic attacks, alarming some in the security community.

The former CIA deputy director for digital innovation discusses resilience, cultural shifts, and cyber fundamentals in the AI era.

The proposed restructuring plan would address many concerns related to the social media platform, but risks remain for security teams.

Threat actors breached the MySonicWall service and accessed backup firewall configuration files belonging to "fewer than 5%" of its install base, according to the company.

Digital forensics offers a challenging but rewarding career path for cybersecurity professionals willing to invest in specialized knowledge and continuous learning.

The cloud now acts as the connecting infrastructure for many companies' assets — from IoT devices to workstations to applications and workloads — exposing the edge to threats.

Phishing-as-a-service (PhaaS) kits have become an increasingly popular way for lower-skill individuals who want to get into cybercrime.

Though the groups have shared their decision to go dark, threat researchers say there are signs that it's business as usual.

The AI era means attackers are smarter, faster, and hitting you where you least expect it — your sign-up funnel.

The new lightweight stealer, distributed via underground forums and cracked software, demonstrates an important evolution in the stealth of commodity infostealing malware.

The North Korea-linked group Kimsuky used ChatGPT to create deepfakes of military ID documents in an attempt to compromise South Korean targets.

The data security platform comes with a predictive capability that separates it from other offerings aimed at protecting enterprise data, the startup says.

"Chaotic Deputy" is a set of four vulnerabilities in the chaos engineering platform that many organizations use to test the resilience of their Kubernetes environments.

The newly emerged worm has spread across hundreds of open source software packages, stealing credentials and infecting other components without much direct attacker input.

Researchers say the commercial adtech platform and several other companies form the infrastructure of a massive cybercrime operation.

Highly deceptive FileFix uses code obfuscation and steganography and has been translated into at least 16 languages to power a global campaign.