The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of…
A large-scale automated GitHub backdooring campaign was caught pushing thousands of malicious commits into public repositories while posing as routine CI/CD upkeep. Researchers at SafeDep observed the campaign, Megalodon, touching…
Cited law that didn’t exist Pinsent Masons has been criticised by a High Court judge after AI-hallucinated legal authorities, produced during a junior lawyer’s research, were relied upon during insolvency…
The co-founder and former editor-in-chief passed away five years ago in November. As Dark Reading enters is third decade, we pause to celebrate and honor Wilson’s instrumental role in building…
A courtesy car is a short-term loan vehicle usually provided by a repairer while your car is in the workshop. A credit hire vehicle is a like-for-like replacement supplied on…
Every single day, hackers are finding new ways to crash websites and steal data. But right now, something has changed. Hackers are no longer working alone. They are now using…
Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be…
A malicious package campaign across npm, PyPI, and Crates.io has put developer workstations back under scrutiny, after researchers said it targeted developer workflows and AI coding assistant files. Researchers at…
Multi-factor authentication (MFA) was supposed to close a critical gap in identity security. It meant that, even if an attacker possessed the account credentials, they couldn’t log in without the…
Strategic integration combines BigHand Matter Pricing & Budgeting with Ayora’s AI and data enrichment capabilities to help law firms improve pricing transparency, profitability and commercial decision-making. The post BigHand and…
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged where “feasible” to…
I’ve spent years building compliance into security products. FedRAMP and Department of War Impact Level authorizations, vulnerability management pipelines: They all follow the same pattern. Build the product, then prove…
Suspended suspension and restrictions on social media activity A solicitor who posted antisemitic content and conspiracy theories on Twitter/X has been handed a suspended suspension after a tribunal ruled his…
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software…
Patching practices are coming under intense pressure of late, as time-to-exploit windows accelerate — a new reality likely to worsen as AI assistance in attack chains rises. Now cyber defenders…