CISA chief frets about open-source vulnerabilities, delayed security improvements
Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a…
Securing some of the open-source technology that serves as the backbone for all modern digital infrastructure is going to require some “hard decisions” amid a…
Two cybersecurity-focused members of Congress agreed Thursday that reductions to the Cybersecurity and Infrastructure Security Agency have done too much damage to an agency essential…
Authorities arrested and unsealed charges against a Canadian man accused of running Kimwolf, one of the most far-reaching DDoS botnets on record, the Justice Department…
President Donald Trump said he would postpone the release of an executive order that would set up a 90-day testing and vetting regime for frontier…
There’s this old proverb that’s stuck with me over the years: “Dig the well before you are thirsty.” It really means you should prepare for…
On Wednesday, Microsoft released two new red teaming tools—Rampart and Clarity—,meant to help developers design more secure agentic software and assist incident responders in the…
GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that…
Attackers couldn’t get enough of the vulnerabilities at their disposal last year, making exploits the top initial access vector across more than 22,000 breaches Verizon…
Congressional Democrats want answers from the Cybersecurity and Infrastructure Security Agency about the reported public exposure of sensitive agency credential data on GitHub in an…
Microsoft seized infrastructure and disrupted a cybercrime service that created and sold more than 1,000 code-signing certificates that other cybercriminals used to make malware-riddled software…
A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, this time embedding itself across hundreds of npm packages. The threat actor behind it, identified…
As defenders get their hands on newer AI models with more powerful cybersecurity capabilities like Anthropic’s Mythos and OpenAI’s Daybreak, organizations are being told to…