Application and platform security

Applications and platform security is the basis of preventing vulnerabilities and attacks. Learn the latest about applications attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.

Top Stories

Tip 29 Oct 2025
Set up MFA in Microsoft 365 to safeguard data

Learn how to set up multifactor authentication in Microsoft 365 to enhance security, prevent unauthorized access and protect critical business data across the organization. Continue Reading
By
- Helen Searle-Jones, Tritech Group
Tutorial 27 Oct 2025
Checking Exchange Online health with PowerShell automation

Learn how to use scripts to streamline Exchange Online monitoring, produce reports and address issues related to mail flow and other key areas before they affect your organization. Continue Reading
By
- Liam Cleary, SharePlicity

News 20 Feb 2025
Zero-CVE Chainguard Images gain customization option

Chainguard opens its container image builder factory to let users mix and match hardened container components while preserving a zero-vulnerability SLA. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?

Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
By
- Kyle Johnson, Technology Editor
- Andrew Froehlich, West Gate Networks
Tutorial 18 Feb 2025
Deploy a read-only domain controller for security, speed

A read-only domain controller requires a fair amount of work for a proper deployment, but it can be a great option for quicker logins for users in branch offices. Continue Reading
By
- Damon Garn, Cogspinner Coaction
News 12 Feb 2025
Docker Inc. CEO swap has analysts anticipating a sale

Industry watchers see the takeover by a former Oracle exec as the precursor to merging with a broader software development portfolio at a larger company. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 12 Feb 2025
Fortinet discloses second authentication bypass vulnerability

Fortinet disclosed CVE-2025-24472 in an updated advisory that confused some in the infosec community because it stated that 'reports show this is being exploited in the wild.' Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 11 Feb 2025
Microsoft plugs two zero-days for February Patch Tuesday

The company corrects active exploits in vulnerable Windows systems, one of which could give the attacker complete control if successful. Continue Reading
By
- Tom Walat, Site Editor
Tip 11 Feb 2025
How to build an API security strategy

Lax API protections make it easier for threat actors to steal data, inject malware and perform account takeovers. An API security strategy helps combat this. Continue Reading
By
- Colin Domoney
News 11 Feb 2025
Apple zero day used in 'extremely sophisticated attack'

CVE-2025-24200 is a zero-day vulnerability that bypasses Apple's USB Restricted Mode in iPhones and iPads and was exploited in the wild against 'specific targeted individuals.' Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 10 Feb 2025
DevSecOps platform tucks in API security as AI apps heat up

Harness merges with its sister company, Traceable, for API security, which has broadening appeal as organizations develop generative and agentic AI applications. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 10 Feb 2025
Trimble Cityworks zero-day flaw under attack, patch now

CVE-2025-0994 is a high-severity deserialization vulnerability that enables remote code execution in unpatched versions of Cityworks enterprise asset management software. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 06 Feb 2025
Unpatched.ai: Who runs the vulnerability discovery platform?

There is limited information on the AI-powered vulnerability discovery platform that emerged in December after it reported Microsoft vulnerabilities Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 04 Feb 2025
How to properly implement Exchange Extended Protection

This security feature can better protect Exchange Server deployments to prevent a wide range of attacks and safeguard sensitive data transmitted over the network. Continue Reading
By
- Helen Searle-Jones, Tritech Group
Definition 04 Feb 2025
What is Internet Key Exchange (IKE)?

Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN). Continue Reading
By
- Gavin Wright
- Andrew Zola
- Alexander S. Gillis, Technical Writer and Editor
News 04 Feb 2025
WatchTowr warns abandoned S3 buckets pose supply chain risk

WatchTowr researchers found that they could reregister abandoned Amazon S3 buckets and detail alarming ways that threat actors could exploit the attack surface. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 03 Feb 2025
NSFocus: DeepSeek AI hit with 'well planned' DDoS attacks

Cybersecurity vendor NSFocus said AI startup DeepSeek endured multiple waves of DDoS attacks from attackers since its reasoning model was released Jan. 20. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 31 Jan 2025
What is DOS (Disk Operating System)?

A DOS, or disk operating system, is an operating system (OS) that runs from a disk drive. The term can also refer to a particular family of disk operating systems, most commonly MS-DOS (Microsoft DOS). Continue Reading
By
- Rahul Awati
- Michael Cobb
Definition 30 Jan 2025
What is blockchain? Definition, examples and how it works

Blockchain is a distributed ledger technology (DLT) that's shared across a network of computers to keep a digital record of transactions. Continue Reading
By
- Kinza Yasar, Technical Writer
- Nick Barney, Technology Writer
- Mary K. Pratt
News 30 Jan 2025
Wiz reveals DeepSeek database exposed API keys, chat history

Wiz expressed concern about security shortcomings with AI tools and services amid the rapid adoption and rising popularity of offerings like DeepSeek-R1. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 29 Jan 2025
Google details adversarial AI activity on Gemini

Google identified APTs from more than 20 nations misusing its Gemini AI chatbot but noted that threat actors were unsuccessful in finding novel techniques or vulnerabilities. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 28 Jan 2025
Apple zero-day vulnerability under attack on iOS devices

Apple said the zero-day vulnerability, tracked as CVE-2025-24085, affects its CoreMedia framework and 'may have been actively exploited against versions of iOS before iOS 17.2.' Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 24 Jan 2025
AMD processor vulnerability inadvertently leaked early

The flaw was revealed when hardware manufacturer Asus published a patch for an 'AMD Microcode Signature Verification Vulnerability' to a gaming motherboard update page. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 23 Jan 2025
Eclypsium finds security issues in Palo Alto Networks NGFWs

Eclypsium researchers stressed how essential supply chain security is as threat actors increasingly target and exploit vulnerabilities in firewalls, VPNs and other edge devices. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 21 Jan 2025
Threat actors abusing Microsoft Teams in ransomware attacks

Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 16 Jan 2025
Tech industry experts digest cybersecurity executive order

IT pros assess a last-minute cybersecurity executive order with new directives on a broad swath of topics, from cybercriminal sanctions to AI and identity management. Continue Reading
By
- Beth Pariseau, Senior News Writer
- Arielle Waldman, Features Writer, Dark Reading
News 16 Jan 2025
ESET details UEFI Secure Boot bypass vulnerability

ESET researchers last year discovered an unsigned binary in a third-party UEFI application that could have been abused to bypass the Secure Boot process. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 14 Jan 2025
January Patch Tuesday resolves 3 Hyper-V zero-days

The number of vulnerabilities corrected for January Patch Tuesday is one of the highest in recent memory and includes three Hyper-V vulnerabilities exploited in the wild. Continue Reading
By
- Tom Walat, Site Editor
News 08 Jan 2025
Critical Ivanti Connect Secure zero-day flaw under attack

Although Ivanti has seen exploitation of CVE-2025-0282 in only Ivanti Connect Secure instances, Ivanti Policy Secure and ZTA gateways are also vulnerable to the flaw. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Tip 08 Jan 2025
Top 15 email security best practices for 2025

Attackers exploit email every day to break into corporate networks, but the risk can be reduced by adhering to these 15 email security best practices. Continue Reading
By
- Sharon Shea, Executive Editor
- Peter Loshin, Former Senior Technology Editor
News 02 Jan 2025
Dozens of Chrome extensions hacked in threat campaign

Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Feature 30 Dec 2024
Navigate the 2025 threat landscape with expert insights

AI technology and company employees can serve as both gateways and buffers against cyberthreats. Learn more from expert thought leaders on how to protect your environment in 2025. Continue Reading
By
- Alicia Landsberg, Senior Managing Editor
News 23 Dec 2024
10 of the biggest cybersecurity stories of 2024

Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 23 Dec 2024
What is a proxy firewall?

A proxy firewall is a network security system that protects network resources by filtering messages at the application layer. Continue Reading
By
- Rahul Awati
Definition 17 Dec 2024
What is passwordless authentication?

Passwordless authentication allows a user to sign into a service without using a password. This is often done using certificates, security tokens, one-time passwords (OTPs) or biometrics. Continue Reading
By
- Kinza Yasar, Technical Writer
- Gavin Wright
- Alexander S. Gillis, Technical Writer and Editor
News 12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack

The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 10 Dec 2024
December Patch Tuesday shuts down Windows zero-day

Microsoft addresses 72 vulnerabilities, including 17 rated critical. Administrators should focus on patching the Windows OS to stop a flaw that has been exploited in the wild. Continue Reading
By
- Tom Walat, Site Editor
News 10 Dec 2024
Citrix NetScaler devices targeted in brute force campaign

Citrix advised NetScaler customers to ensure that their devices are fully updated and properly configured to defend against the recent spike in brute force attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 10 Dec 2024
Microsoft enhanced Recall security, but will it be enough?

Microsoft's controversial Recall feature began rolling out to certain Windows Insiders with Copilot+ PCs in November, with more expected to participate this month. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 09 Dec 2024
Attackers exploit vulnerability in Cleo file transfer software

Cleo disclosed and patched the remote code execution vulnerability in late October, but managed file transfer products have proved to be popular targets for threat actors. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Definition 09 Dec 2024
What is a session key?

A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between a user and another computer or between two computers. Continue Reading
By
- Rahul Awati
News 06 Dec 2024
Ultralytics YOLO AI model compromised in supply chain attack

While Ultralytics has not released an official security advisory, the company pulled two recent versions of its YOLO11 AI model after reports said they contained a cryptominer. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 05 Dec 2024
Amazon Q, Bedrock updates make case for cloud in agentic AI

Amazon and its partners rev their engines in anticipation of agentic AI with updates that challenge the cost and quality claims of self-hosted infrastructure competitors. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 04 Dec 2024
FOSS security concerns increase amid widespread adoption

A new report from the Linux Foundation, OpenSSF and Harvard University calls for transparency and standardization to address growing security risks in open source software. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Definition 27 Nov 2024
What is obfuscation and how does it work?

Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Continue Reading
By
- Rahul Awati
- Ben Lutkevich, Site Editor
News 26 Nov 2024
Russian hackers exploit Firefox, Windows zero-days in wild

RomCom threat actors chain two Firefox and Windows zero-day vulnerabilities together in order to execute arbitrary code in vulnerable Mozilla browsers. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 22 Nov 2024
Volexity details Russia's novel 'Nearest Neighbor Attack'

The security company warned that the new attack style highlights the importance of securing Wi-Fi networks, implementing MFA and patching known vulnerabilities. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 21 Nov 2024
WasmCloud makes strides with Wasm component model

After a stall in 2023, this year's WASI Preview 2 pushed server-side WebAssembly forward, turning heads at companies such as American Express -- but it's far from mainstream use. Continue Reading
By
- Beth Pariseau, Senior News Writer
Podcast 21 Nov 2024
Rethinking 'secure by design' amid slippery SecOps shifts

An expert discusses the fallout from a CISA report that raised doubts about the last decade's DevSecOps trend, and where the industry goes from here. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 21 Nov 2024
IT pros revise pipelines for software supply chain security

Software supply chain security has reached an awkward stage for enterprise IT, as platform and security pros grapple with adding upstream tools to existing workflows. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack

The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 20 Nov 2024
User provisioning and deprovisioning: Why it matters for IAM

Overprivileged and orphaned user identities pose risks. Cybersecurity teams should be sure user profiles grant only appropriate access -- and only for as long as necessary. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 14 Nov 2024
Infoblox: 800,000 domains vulnerable to hijacking attack

While the 'Sitting Ducks' attack vector continues to pose a problem, Infoblox says domain registrars, DNS providers and government bodies remain inactive. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 12 Nov 2024
Microsoft halts 2 zero-days on November Patch Tuesday

The company addressed 88 vulnerabilities, including an Exchange Server spoofing flaw and a significant number of SQL Server bugs, this month. Continue Reading
By
- Tom Walat, Site Editor
News 07 Nov 2024
Google DORA issues platform engineering caveats

As with generative AI, the same techniques that can boost enterprise developer productivity can also slow and destabilize overall software delivery. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 05 Nov 2024
Google Cloud to roll out mandatory MFA for all users

Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 04 Nov 2024
10 API security testing tools to mitigate risk

Securing APIs properly requires testing throughout their design lifecycle. Explore 10 leading API security testing tools for automated, continuous security testing. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
Tip 01 Nov 2024
API security testing checklist: 7 key steps

APIs are a common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
News 31 Oct 2024
Lottie Player NPM package compromised in supply chain attack

Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 30 Oct 2024
Microsoft warns of Midnight Blizzard spear phishing campaign

The tech giant is notifying users affected by a recently observed campaign, which has targeted more than 100 victim organizations globally so far. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 29 Oct 2024
GitHub Copilot Autofix expands as AI snags software delivery

GitHub Copilot Autofix could help vulnerability management keep pace as the volume of AI-generated code swamps delivery processes, but can AI be trusted to rein in AI? Continue Reading
By
- Beth Pariseau, Senior News Writer
Opinion 29 Oct 2024
Study shows securing SaaS applications growing in importance

Securing all types of SaaS applications ranks high among security pros, but the broad mandate can mean the need for better SaaS security platforms and tools. Continue Reading
By
- John Grady, Principal Analyst
- Omdia
  Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
Feature 29 Oct 2024
CrowdStrike outage explained: What caused it and what’s next

A CrowdStrike update caused a massive IT outage, crashing millions of Windows systems. Critical services and business operations were disrupted, revealing tech reliance risks. Continue Reading
By
- Sean Michael Kerner
Opinion 28 Oct 2024
Omnissa-CrowdStrike union reunites management and security

Organizations have growing security and management needs, so partnerships between vendors such as the Omnissa-CrowdStrike partnership provide necessary synergy for IT staff. Continue Reading
By
- Gabe Knuth, Principal Analyst
- Omdia
  Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets.
News 28 Oct 2024
Delta sues CrowdStrike over IT outage fallout

Delta said it suffered $500 million in damages. CrowdStrike said the airline company's claims 'demonstrate a lack of understanding of how modern cybersecurity works.' Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Definition 28 Oct 2024
What is two-factor authentication (2FA)?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves. Continue Reading
By
- Paul Kirvan
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
Tip 25 Oct 2024
Top 7 mobile device management tools to consider

From device security controls to onboarding features, MDM tools offer a wide range of capabilities. IT teams should explore the options to find the software that fits their needs. Continue Reading
By
- Gary Olsen
News 24 Oct 2024
AWS CDK security issue could lead to account takeovers

Aqua Security researchers discovered AWS Cloud Development Kit is susceptible to an attack vector the vendor refers to as 'shadows resources,' which can put accounts at risk. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 23 Oct 2024
Fortinet discloses critical zero-day flaw in FortiManager

According to Fortinet, the FortiManager vulnerability 'may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.' Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 22 Oct 2024
Thoma Bravo-owned Sophos to acquire Secureworks for $859M

Sophos said it plans to integrate Secureworks' products into a broader portfolio that serves both large enterprises and small and medium-sized businesses. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Podcast 21 Oct 2024
Security observability, AI require data hygiene in DevSecOps

Sound data management is the heart of observability for security, which guides DevSecOps practices and determines the usefulness of AI apps, New Relic CISO says. Continue Reading
By
- Beth Pariseau, Senior News Writer
Tip 18 Oct 2024
CI/CD pipeline security: Know the risks and best practices

Rapid release cycles need not compromise the security of an application and supporting infrastructure. Follow these guidelines to ensure security throughout the CI/CD pipeline. Continue Reading
By
- Matt Heusser, Excelon Development
News 17 Oct 2024
HashiCorp Vault scalability updates target big enterprises

HashiCorp Vault 1.18 updates make it more suited to large companies, which the vendor is courting with a lighter cloud migration push than with Terraform. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 15 Oct 2024
FIDO unveils new specifications to transfer passkeys

The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery

More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 08 Oct 2024
Microsoft repairs 2 zero-days on October Patch Tuesday

Administrators will have to tackle 117 new vulnerabilities, including three rated critical, in this month's batch of security updates. Continue Reading
By
- Tom Walat, Site Editor
Podcast 08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?

Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 08 Oct 2024
High-severity Qualcomm zero-day vulnerability under attack

Qualcomm urges customers to patch the memory corruption vulnerability as Google researchers have observed targeted exploitation in the wild against the flaw. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Feature 02 Oct 2024
API security maturity model to assess API security posture

As API use proliferates, attackers are targeting them to exploit networks and data. This six-domain API security maturity model can assess weaknesses and vulnerabilities. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Definition 02 Oct 2024
What is Android System WebView and should you uninstall it?

Android System WebView is a system component for the Android operating system (OS) that enables Android apps to display web content directly inside an application. Continue Reading
By
- Gavin Wright
- Ben Lutkevich, Site Editor
- Madelyn Bacon, TechTarget
News 27 Sep 2024
CUPS vulnerabilities could put Linux systems at risk

Security researcher Simone Margaritelli discovered vulnerabilities in the Common UNIX Printing System that attackers could exploit during print jobs against Linux systems. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
Tip 26 Sep 2024
5 online payment security best practices for enterprises

Ensuring the security of your company's online payment systems is key to preventing costly attacks, meeting compliance requirements and maintaining customer trust. Continue Reading
By
- Amanda Scheldt
News 25 Sep 2024
More Ivanti vulnerabilities exploited in the wild

Three vulnerabilities in Ivanti products have come under attack by unknown threat actors in recent weeks, including two flaws in the company's Cloud Services Appliance. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Podcast 24 Sep 2024
Risk & Repeat: What's next for Telegram and Pavel Durov?

Telegram made updates to its FAQ and privacy policy following Pavel Durov's arrest. But will the changes influence cybercriminals' abuse of the platform? Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Tip 23 Sep 2024
ASPM vs. ASOC: How do they differ?

Application security posture management and application security orchestration and correlation tools both aim to secure applications but use different methodologies. Continue Reading
By
- Dave Shackleford, Voodoo Security
News 19 Sep 2024
Platform engineers embrace secrets management tool

Pulumi's ESC, now GA, filled an automation gap in multi-cloud identity and permissions management for platform engineers well-versed in general-purpose programming languages. Continue Reading
By
- Beth Pariseau, Senior News Writer
News 18 Sep 2024
Huntress warns of attacks on Foundation Software accounts

The cybersecurity company observed a brute force attack campaign targeting Foundation customers that did not change default credentials in their accounting software. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 18 Sep 2024
Orca: AI services, models falling short on security

New research from Orca Security shows that AI services and models in cloud contain a number of risks and security shortcomings that could be exploited by threat actors. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 16 Sep 2024
Windows spoofing flaw exploited in earlier zero-day attacks

Microsoft reveals that CVE-2024-43461, which was disclosed in September's Patch Tuesday, was previously exploited as a zero-day vulnerability in an attack chain. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
News 11 Sep 2024
Microsoft: Zero-day vulnerability rolled back previous patches

On Patch Tuesday, Microsoft addresses a critical zero-day vulnerability that reversed previous fixes for older vulnerabilities and put Windows 10 systems at risk. Continue Reading
By
- Arielle Waldman, Features Writer, Dark Reading
News 10 Sep 2024
Four zero-days fixed for September Patch Tuesday

Most corrections this month focus on the Windows OS, but enterprises that rely on SQL Server or SharePoint should prioritize deploying the security updates for those platforms. Continue Reading
By
- Tom Walat, Site Editor
Tip 06 Sep 2024
Top API risks and how to mitigate them

While APIs play an essential role in most modern business strategies, they can also introduce serious security threats. Learn some of the top API risks and how to mitigate them. Continue Reading
By
- John Burke, Nemertes Research
Tip 04 Sep 2024
Use AI threat modeling to mitigate emerging attacks

AI threat modeling can help enterprise security teams identify weaknesses in their AI systems and apps -- and keep bad actors from exploiting them. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
- Alissa Irei, Senior Site Editor
News 29 Aug 2024
Russia's APT29 using spyware exploits in new campaigns

A new report from Google TAG suggests that Russia's APT29 is using vulnerability exploits first developed from spyware vendors to target Mongolian government websites. Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
News 28 Aug 2024
Volt Typhoon exploiting Versa Director zero-day flaw

Lumen Technologies researchers have observed exploitation of CVE-2024-39717 against four U.S. organizations in the ISP, MSP and IT sectors. Continue Reading
By
- Rob Wright, Senior News Director, Dark Reading
Tutorial 27 Aug 2024
How to use Tor -- and whether you should -- in your enterprise

The Tor browser has sparked discussion and dissension since its debut. Does the software, which promises anonymous and secure web access, have a role to play in the enterprise? Continue Reading
By
- Damon Garn, Cogspinner Coaction
Answer 22 Aug 2024
Are virtual machines safe for end users?

Virtual machine security is a complicated topic because there are many factors that can determine their security posture. Learn how to evaluate these factors. Continue Reading
By
- John Powers, Senior Site Editor
News 22 Aug 2024
CrowdStrike exec refutes Action1 acquisition reports

A CrowdStrike vice president said the cybersecurity giant had an exploratory group conversation with Action1 and then 'disengaged after a surface level conversation.' Continue Reading
By
- Alexander Culafi, Senior News Writer, Dark Reading
Tip 22 Aug 2024
How frictionless authentication works in online payments

Online retailers face a challenge: Make the payment process quick and easy for legitimate customers but not for fraudsters. Frictionless authentication can help. Continue Reading
By
- Rob Shapland
- Alissa Irei, Senior Site Editor
Definition 20 Aug 2024
What is cloud detection and response (CDR)?

Cloud computing requires a security approach that is different than traditional protections. Where does cloud detection and response fit into a cybersecurity strategy? Continue Reading
By
- Michael Levan
Tip 19 Aug 2024
CrowdStrike outage lessons learned: Questions to ask vendors

In light of the recent CrowdStrike outage, security teams should ask their vendors 10 key questions to ensure they're prepared should a similar event occur. Continue Reading
By
- Ed Moyle, SecurityCurve
Tip 16 Aug 2024
User mode vs. kernel mode: OSes explained

Kernel mode exists to keep user applications from disrupting critical system functions. Learn how each state works and what can happen when an error occurs in kernel mode. Continue Reading
By
- Ben Lutkevich, Site Editor