darkreading

As part of their plea deal, the cybercriminal founders will also have to forfeit more than $200 million.

Citizen Lab director and founder Ron Deibert explained how civil society is locked in "vicious cycle," and human rights are being abused as a result, covering Israeli spyware, the Khashoggi killing, and an erosion of democratic norms in the US.

In 2024, it was Snowflake. In 2025, it's Salesforce. ShinyHunters is back, with low-tech hacks that nonetheless manage to bring down international megaliths like Google, Cisco, and Adidas.

With informed decision-making, organizations can strengthen their overall resilience and maintain the agility needed to adapt to emerging threats, without sacrificing innovation or productivity.

The fashion house is added to a list of other companies that have been impacted by similar breaches, including Tiffany & Co. and Louis Vuitton.

As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems.

Secrets managers hold all the keys to an enterprise's kingdom. Two popular ones had longstanding, critical, unauthenticated RCE vulnerabilities.

The company, one of four finalists in this year's Black Hat USA Startup Spotlight competition, uses multi-agent system to build AI Digital Employees.

The now-patched vulnerabilities exist at the firmware level and enable deep persistence on compromised systems.

New research reveals that a malicious traffic distribution system (TDS) is run not by "hackers in hoodies," but by a series of corporations operating in the commercial digital advertising industry.

Using invisible prompts, the attacks demonstrate a physical risk that could soon become reality as the world increasingly becomes more interconnected with artificial intelligence.

Two critical vulnerabilities affect the security vendor's management console, one of which is under active exploitation. The company has updated cloud-based products but won't have a patch for its on-premises version until mid-August.

The ultimate goal is not just compliance — it's resilience.

The "Direct Send" feature simplifies internal message delivery for trusted systems, and the campaign successfully duped both Microsoft Defender and third-party secure email gateways.

The company will integrate Prompt Security's platform, which detects AI tools used in browsers and on desktops, into its Singularity platform.

Against the backdrop of the artificial intelligence surge, most African organizations have some form of cybersecurity awareness training but fail to test frequently and don't trust the results.

A trio of startup founders — GreyNoise's Andrew Morris, Thinkst Canary's Haroon Meer, and runZero's HD Moore — agree that raising venture capital funding can be beneficial, but a company's success depends on how well the product fits customer needs.

The jewelry retailer is warning customers that their data can and might be used maliciously.

A critical vulnerability in the trust model of Cursor, a fast-growing tool for LLM-assisted development, allows for silent and persistent remote code execution.

The networking giant said this week that an employee suffered a voice phishing attack that resulted in the compromise of select user data, including email addresses and phone numbers.