Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."

RansomHub, which is speculated to have some connection to ALPHV, has stolen 4TB of sensitive data from the beleaguered healthcare company.

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.

One issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.

A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them.

A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.

Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.

Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang.

In a cyberattack more reminiscent of the 2010s, a seemingly lone hacker fleeced a major corporation for millions of open customer records.

Cybersecurity is far more than a check-the-box exercise. To create companywide buy-in, CISOs need to secure board support, up their communication game, and offer awareness-training programs to fight social engineering and help employees apply what they've learned.

Investing in cybersecurity skills creates a safer digital world for everyone.

Global organizations and geopolitical entities must adopt new strategies to combat the growing sophistication in attacks that parallel the complexities of our new geopolitical reality.