MOVEit drove a big chunk of the increase, but human vulnerability to social engineering and failure to patch known bugs led to a doubling of breaches since 2023, said Verizon Business.

The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change Healthcare's backup strategy failed.

Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.

The CVE-2024-27322 security vulnerability in R's deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.

The purported metadata for each these containers had embedded links to malicious files.

Malaysia, Singapore, and Ghana are among the first countries to pass laws that require cybersecurity firms — and in some cases, individual consultants — to obtain licenses to do business, but concerns remain.

Attackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws.

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.

Likely China-linked adversary has blanketed the Internet with DNS mail requests over the past five years via open resolvers, furthering Great Firewall of China ambitions. But the exact nature of its activity is unclear.

Attacks by a previously unknown threat actor leveraged two bugs in firewall devices to install custom backdoors on several government networks globally.

Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI.

With mergers and acquisitions making a comeback, organizations need to be sure they safeguard their digital assets before, during, and after.