A targeted attack aiming to exploit geopolitical relations between India and Europe delivers previously undocumented, uniquely evasive backdoor malware.

Petty scammers have figured out how to leverage a core function of DNS in order to maintain scalable, stealthy, pliable malicious infrastructure.

The China-backed APT that's been trying to set itself up inside US critical infrastructure for the purpose of disrupting physical processes is deploying a similar playbook in Africa.

Trusted brands like The Economist are also among the 8,000 entities compromised by Operation SubdoMailing, which is at the heart of a larger operation of a single threat actor.

Is LockBit dead? Law enforcement and the group itself seem to be telling conflicting stories.

Chinese government agencies are paying an APT, masked as a legitimate company, to spy on foreign and domestic targets of political interest.

Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.

New guidance expands the framework to consider organizations beyond critical infrastructure; it also addresses governance and supply chain cybersecurity.

Government will provide additional cybersecurity training and recruit additional cybersecurity talent in an effort to better secure its industrial sector from attacks.

In the notice letter sent out to affected individuals, U-Haul notes that credit card information was not accessed in the breach.

In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC's new data-breach disclosure rules.

Litigation and regulatory enforcement are increasing risks for companies and cybersecurity leaders. Something must be done to protect the profession.

It's time for companies to look at what they're processing, what types of risk they have, and how they plan to mitigate that risk.

Public-private partnerships, increasing cybersecurity budgets for public organizations, and retraining existing tech talent to make the jump to cyber will help ease the staffing crunch.

Amid a spike in attacks, now is a good time for brands to strengthen their cybersecurity strategy.