DARKReading

To be truly resilient in the ever-growing threat landscape, organizations need to balance protection with preparation.

The cybersecurity requirements follow an extended timeline over the next two years, and are meant to secure US shipping ports from disruption by malicious actors.

Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out.

While this emerging technology offers many benefits, digital twins also have several drawbacks, as these convincing impersonations can be used in social engineering attacks.

A red teamer is publishing research next month about how weaknesses in modern security products lay the groundwork for stealthy implants in AI-powered applications.

National authorities have issued seven arrest warrants in total relating to the cybercrime collective known as NoName057(16), which recruits followers to carry out DDoS attacks on perceived enemies of Russia.

Malicious actors already have already pounced on the zero-day vulnerability, tracked as CVE-2025-53770, to compromise US government agencies and other businesses in ongoing and widespread attacks.

We cannot keep reacting to vulnerabilities as they emerge. We must assume the presence of unknown threats and reduce the blast radius that they can affect.

Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.

Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.