Cyberattacks tripled over the past year in Israel, making it the most targeted nation in 2023, as cyber operations become a standard part of military conflicts and global protests.

A third-party telephony service provider for Cisco Duo falls prey to social engineering, and the company advises customer vigilance against subsequent phishing attacks.

Roku assures customers that no financial information was stolen and that any purchases made through user accounts have been reimbursed.

A sophisticated threat actor is leveraging the bug to deploy a Python backdoor for stealing data and executing other malicious actions.

Handala threat group claims to have hacked radar systems in Israel as tensions rise between the two nations.

A Russian-language cyberattack campaign impersonates legitimate game operations to spread various cross-platform infostealers.

The responsibility to hold Microsoft accountable for abiding by its self-proclaimed principles shouldn't fall to customers and competition authorities.

But just how the government differentiates its platform from similar private-sector options remains to be seen.

Akamai joins a growing list of security vendors aiming to strengthen companies' DNS defenses.

Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from the NSA.

Though Federal Civilian Executive Branch (FCEB) agencies are the primary targets, CISA encourages all organizations to up their security, given the high risk.

Microsoft, Google, and Simbian each offers generative AI systems that allow security operations teams to use natural language to automate cybersecurity tasks.

Attacks on critical infrastructure are ramping up — but organizations now have the knowledge and tools needed to defend against them.

With stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into supply chain cyberattack disaster, experts fear.

Project behind the Rust programming language asserted that any calls to a specific API would be made safe, even with unsafe inputs, but researchers found ways to circumvent the protections.

North Korean hackers break ground with new exploitation techniques for Windows and macOS.

Led by industry veterans Gadi Evron and Sounil Yu, the new company lets organizations adjust how much information LLMs provide based on the user's role and responsibilities.

Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems.

In new threat notification information, Apple singled out Pegasus vendor NSO Group as a culprit in mercenary spyware attacks.

A machine learning bill of materials (MLBOM) framework can bring transparency, auditability, control, and forensic insight into AI and ML supply chains.

Phony call center company conducted online fraud and other Internet scams.

Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

Prioritizing security and user experience will help you build a robust and reliable authentication system for your business.

Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.

It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.

Though a municipal agency assures the public that few are affected, hundreds have their data held ransom for $100,000 by the ransomware gang.

In a cyberattack more reminiscent of the 2010s, a seemingly lone hacker fleeced a major corporation for millions of open customer records.

Various anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines.

Global organizations and geopolitical entities must adopt new strategies to combat the growing sophistication in attacks that parallel the complexities of our new geopolitical reality.

A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them.

Google has integrated Mandiant's security offerings into its AI platform to detect, stop, and remediate cybersecurity attacks as quickly as possible.

The device management company introduced a Fleet Hardening Score and Privilege Escalation (the good kind) to its endpoint security platform for Apple devices.

Microsoft patched a record number of 147 new CVEs this month, though only three are rated "Critical."

Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover.

As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.

Distributed denial-of-service attacks still plague the enterprise, but adding preventive measures can reduce their impact.

We are potentially encroaching on a water supply crisis if data center operators, utilities, and the government don't implement preventative measures now.

The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.

We need more than "do-it-yourself" approaches to threats that clearly rise to the level of national security issues.

Novacoast's Apex Program prepares individuals with visual impairments for cybersecurity careers.

With a complex attack chain and using Telegram for its command and control, CoralRaider targets victims in Asian countries — and appears to have accidentally infected itself as well.