What the industrialization of exploitation means for defenders
For decades, cybersecurity was a battle of skill. Elite attackers versus elite defenders.
20 articles
For decades, cybersecurity was a battle of skill. Elite attackers versus elite defenders.
Online or telephone IT support scams have been tricking employees into downloading or clicking on malware for years. But according to the FBI, one group that...
Over the next three to five years, both governments and the private sector will need to rapidly adapt identification and mitigation protocols as adversaries ...
CISOs relying on LLM runtime guardrails and official safety scores when making security decisions about their organizations’ AI usage and model selection are...
A single malformed character in a web request can let an unauthenticated attacker slip past the access controls that guard applications built on Starlette, t...
For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at ident...
Data security posture management (DSPM) explained Data security posture management (DSPM) tools help security teams examine their entire data environment to ...
Microsoft is previewing a new automatic device isolation capability in Defender for Endpoint’s auto attack disruption tool to help security pros contain cybe...
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD ...
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer...
I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: T...
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in atta...
Cybersecurity experts are warning enterprise admins about an increasing number of phishing campaigns aimed at stealing Microsoft 365 (M365) access tokens to ...
Anthropic says it and upwards of 50 partners involved in Project Glasswing have uncovered an estimated 10,000 critical or high-severity vulnerabilities in th...
Enterprises cannot secure AI agents by making the underlying models more robust and must instead enforce security controls at the system level around them, r...
As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too l...
If you were hit by ransomware tomorrow, would you pay to get your data back? That’s what more than half of CISOs in a recent survey said their organization w...
Chromium — the open-source browser that underpins Google Chrome, Microsoft Edge, and Opera, among others — contains an unpatched vulnerability that attackers...
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 a...
European authorities have cracked down on a VPN that has been used for various criminal activities. The operation, led by investigators in France and the Net...