As the lines between the physical and digital realms blur, widespread understanding of cyber threats to critical infrastructure is of paramount importance.

The campaign is especially notable for the remarkable lengths to which the threat actor went to maintain persistence on the target environment.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

A failure to imagine — and prepare for — threats to outer-space related assets could be a huge mistake at a time when nation-states and private companies are rushing to deploy devices in a frantic new space race.

With the presidential election this year and an increase in cyberattacks and conflicts around the world, MITRE has outlined four important areas the incoming administration should focus on next year.

The Arid Viper APT group is deploying AridSpy malware with Trojanized messaging applications and second-stage data exfiltration.

A model can be perfectly innocent, yet still dangerous if the means by which it's packed and unpacked are tainted.

The company focused heavily on data and system security in the announcement of its generative AI platform, Apple Intelligence, but experts worry that companies will have little visibility into data security.

Though the company is informing affected individuals of a breach, it's keeping the nature and scope of the cybersecurity incident that led to it under wraps.

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Rockwell's dire ICS warning; a red alert on biometrics; cybersecurity for the Hajj season.

Meta's new subscription model points out the need for clearer and stricter regulations — ones that prioritize consumer privacy and control of personal data.

The cybersecurity agency issued a warning not to agree to any payment requests and to alert law enforcement or CISA after being contacted.

Apple's guarantee of privacy on every AI transaction could influence trustworthy AI deployments.

Creating and nurturing a corporate environment of proactive cybersecurity means putting people first — their needs, weaknesses, and skills.

More claims are being made across the US and Canada compared with previous years, with healthcare organizations leading the way.

A new month, a new high-risk Ivanti bug for attackers to exploit — this time, an SQL injection issue in its centralized endpoint manager.

The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain.

Experiment demonstrates how AI can turn the tables on cybercriminals, capturing bank account details of how scammers move stolen funds around the world.

Why the company took so long to address the issue is not known given that most other stakeholders had a fix out for the issue months ago.

Strong partnerships and collaborations between industry and law enforcement are the most critical ways to take down cybercrime groups before they grow.

Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light.

Nvidia's latest GPUs are a hot commodity for AI, but security vulnerabilities could expose them to attacks from hackers.

Obtaining — and maintaining — a complete inventory of technology assets is essential to effective enterprise security. How do organizations get that inventory?

Critical infrastructure is facing increasingly disruptive threats to physical processes, while thousands of devices are online with weak authentication and riddled with exploitable bugs.

Face scans stored like passwords inevitably will be compromised, like passwords are. But there's a crucial difference between the two that organizations can rely on when their manufacturers fail.

As city officials continue to investigate, it's unclear which systems were affected and whether it was a ransomware attack.

Accused cybercriminal has special skills that helped Conti and LockBit ransomware evade detection, according to law enforcement.

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.

Alignment between these domains is quickly becoming a strategic imperative.

The threat group behind breaches at Caesars and MGM moves its business over to a different ransomware-as-a-service operation.

Lacework has been looking for a buyer for some time. The deal gives Fortinet a boost in the cloud security space.

Greater collaboration between financial and law enforcement officials is needed to dismantle cybercrime scam centers in Cambodia, Laos, and Myanmar, which rake in tens of billions of dollars annually — and affect victims worldwide.

CVE-2024-30080 is the only critical issue in Microsoft's June 2024 Patch Tuesday update, but many others require prompt attention as well.

The two jurisdictions will work together to investigate the credential-stuffing attack that put the personal data of millions at risk.

Operations at Synnovis medical labs have been disrupted for more than a week, prompting the NHS to implore the public to donate blood.

The US government launched a self-attestation form asking software developers to affirm their software was developed securely. Compliance starts today for software used in critical infrastructure.

The fresh-baked malware is being widely distributed, but still specifically targets individuals with tailored lures. It's poised to evolve into a bigger threat, researchers warn.

If CEOs want to avoid being the target of government enforcement actions, they need to take a personal interest in ensuring that their corporation invests in cybersecurity.

In response to recent public outcry, Recall is getting new security accouterments. Will that be enough to quell concerns?

A threat actor has accessed data belonging to at least 165 organizations using valid credentials to their Snowflake accounts, thanks to no MFA and poor password hygiene.

VoIP gear, hypervisors, medical equipment, building automation, printers, and more pose broad risk to organizations, with many facing danger from a combo of IT, IoT, and OT all at once. This listicle breaks it down.

Pseudonymous masking has made credit card transactions more secure, but Visa has even greater plans for tokenization: giving users control of their data.

The tranche of data, lifted from underprotected GitHub repositories, reportedly includes source code, though the country's paper of record has not yet confirmed the nature of the data accessed.