The company suffered one sophisticated five-alarm campaign and one messy spray-and-pray attack, mere days apart.

New China-aligned APT group is deploying Group Policy to sniff through government networks across Southeast Asia and Japan.

Reports of patients being cared for by unqualified home-care aides with fake identities continue to emerge, highlighting a need for more stringent identity authentication.

AI adds real value to cybersecurity today, but it cannot yet serve as a single security guardian. Here's how organizations can safely combine AI-driven analysis with deterministic rules and proven security practices.

North Korea shifted its strategy to patiently target "bigger fish" for larger payouts, using sophisticated methods to execute attacks at opportune times.

In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year.

"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server.

The future of cybersecurity means defending everywhere. Securing IoT, cloud, and remote work requires a unified edge-to-cloud strategy. (First in a three-part series.)

As quantum computing advances, secure, interoperable standards will be critical to making quantum key distribution (QKD) practical, trusted, and future-proof.

In the React2Shell saga, nonworking and trivial proof-of-concept exploits led to confusion and perhaps a false sense of security. Can the onslaught of PoCs be tamed?

Attackers are targeting admin accounts, and once authenticated, exporting device configurations including hashed credentials and other sensitive information.

Anthropic proves that LLMs can be fairly resistant to abuse. Most developers are either incapable of building safer tools, or unwilling to invest in doing so.

The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.

Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.

A high-school student is tackling the overlooked risk of AI-generated satellite imagery that could mislead governments and emergency responders.

The key elements in a security operations center's strategy map align closely to the swim/bike/run events in a triathlon. SOCs, like triathletes, perform well when their "inputs" are strong.

Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.

But media reports described the attack as causing major disruption to PDVSA, the state-owned oil and natural gas company.

Amazon detailed a long-running campaign by Russia against critical infrastructure organizations, particularly in the energy sector.

Urban VPN Proxy, which claims to protect users' privacy, collects data from conversations with ChatGPT, Claude, Gemini, Copilot, and other AI assistants.