Threats and vulnerabilities
Keeping up with the latest threats and vulnerabilities is a battle for any security pro. Get up-to-date information on email threats, nation-state attacks, phishing techniques, ransomware and malware, DDoS attacks, APTs, application vulnerabilities, zero-day exploits, malicious insiders and more.
Top Stories
-
News
17 Oct 2025
News brief: National cyberdefenses under mounting pressure
Check out the latest security news from the Informa TechTarget team. Continue Reading
-
Tip
16 Oct 2025
7 top deception technology vendors for active defense
Once reserved for the most mature organizations, cyber deception technology is picking up steam on the ground and in practice. Here are seven platforms for CISOs to consider. Continue Reading
-
Tip
15 Sep 2022
Use shadow IT discovery to find unauthorized devices and apps
Shadow IT may be convenient for users, but it isn't for IT -- especially where security is concerned. Shadow IT discovery finds unmanaged devices and apps. Continue Reading
-
News
15 Sep 2022
Transparency, disclosure key to fighting ransomware
Current and former CISA members say the best methods for curbing ransomware attacks are organizations reporting attacks and assisting in investigations. Continue Reading
-
News
14 Sep 2022
U.S. drops the hammer on Iranian ransomware outfit
The departments of Justice and the Treasury announced criminal charges and sanctions against a group of Iranian nationals accused of running an international ransomware operation. Continue Reading
-
News
13 Sep 2022
Secureworks reveals Azure Active Directory flaws
Secureworks published details of what it claims are significant security flaws in Azure's authentication system, but Microsoft has dismissed them as non-issues. Continue Reading
-
Definition
13 Sep 2022
computer worm
A computer worm is a type of malware whose primary function is to self-replicate and infect other computers while remaining active on infected systems. Continue Reading
-
News
13 Sep 2022
CrowdStrike threat report: Intrusions up, breakout time down
According to a new report by CrowdStrike's threat hunting team, Falcon OverWatch, attempted intrusions against the healthcare sector doubled year over year. Continue Reading
-
Definition
13 Sep 2022
air gap (air gapping)
An air gap is a security measure that involves isolating a computer or network and preventing it from establishing an external connection. Continue Reading
-
News
08 Sep 2022
Cisco Talos traps new Lazarus Group RAT
The North Korean-backed Lazarus Group has deployed a new type of remote access Trojan that has already been turned against foreign government networks and private energy companies. Continue Reading
-
News
07 Sep 2022
Google: Former Conti ransomware members attacking Ukraine
Google said former members of the Conti ransomware gang are operating as part of threat group UAC-0098, which is conducting attacks of both political and financial nature. Continue Reading
-
News
06 Sep 2022
Healthcare and education remain common ransomware targets
August disclosures showed ransomware attacks against education and healthcare entities resulted in slow recovery times and the potential loss of highly sensitive information. Continue Reading
-
Opinion
01 Sep 2022
How to start developing a plan for SASE implementation
From prioritizing business problems to identifying future initiatives to assessing critical tool gaps, learn how to create a realistic SASE implementation roadmap. Continue Reading
-
News
01 Sep 2022
Microsoft discloses 'high-severity' TikTok vulnerability
The flaw in TikTok's Android app is the latest security concern for the social media company, which was criticized last month for having keylogging functionality in its iOS app. Continue Reading
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
-
News
30 Aug 2022
Microsoft Excel attacks fall out of fashion with hackers
Hornetsecurity researchers say newly introduced safety measures from Microsoft have driven cybercriminals away from using Excel as a malware infection tool. Continue Reading
-
News
30 Aug 2022
FBI warns attacks on DeFi platforms are increasing
As cryptocurrency interest soars, cybercriminals are cashing in on the immaturity of some DeFi platforms and stealing hundreds of millions of dollars from investors. Continue Reading
-
Tutorial
30 Aug 2022
Learn to monitor group memberships with PowerShell
Use PowerShell automation to build reports in local group memberships on a server and security groups in Active Directory to keep tabs on any irregular behavior. Continue Reading
-
News
25 Aug 2022
Ransomware defies seasonal trends with increase
The return and rebranding of major crews saw the volume of ransomware attacks in July jump 47%, defying seasonal trends, according to researchers at NCC Group. Continue Reading
-
Tip
24 Aug 2022
How to conduct a secure code review
Learn how to conduct a secure code review -- a critical step in the software development lifecycle -- to avoid releasing an app with bugs and security vulnerabilities. Continue Reading
-
News
22 Aug 2022
CEO of spyware vendor NSO Group steps down
Current NSO Group COO Yaron Shohat will replace outgoing CEO Shalev Hulio as part of a reorganization for the vendor, which has come under fire from the U.S. government. Continue Reading
-
News
18 Aug 2022
Shunned researcher Hadnagy sues DEF CON over ban
Researcher Christopher Hadnagy is seeking damages from DEF CON and founder Jeff Moss over their decision to ban him citing multiple claims of conduct violations. Continue Reading
-
Opinion
17 Aug 2022
Data security as a layer in defense in depth against ransomware
Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack. Continue Reading
-
News
17 Aug 2022
Google patches yet another Chrome zero-day vulnerability
Google issued an update Wednesday to address a potentially serious security vulnerability in its Chrome browser, and the company urged users to patch their browsers immediately. Continue Reading
-
News
17 Aug 2022
CISA: Threat actors exploiting multiple Zimbra flaws
Cybersecurity vendor Volexity found earlier this month that one flaw, CVE-2022-27925, had compromised more than 1,000 Zimbra Collaboration Suite instances. Continue Reading
-
Tip
17 Aug 2022
How to create a threat profile, with template
Read five key steps on how to create a threat profile, and get started making them customized to your organization with our free template. Continue Reading
-
News
16 Aug 2022
Zero Day Initiative seeing an increase in failed patches
In a Q&A with TechTarget Editorial, Trend Micro Zero Day Initiative's Brian Gorenc and Dustin Childs discuss incomplete patches and the value of personal researcher relations. Continue Reading
-
News
12 Aug 2022
Eclypsium calls out Microsoft over bootloader security woes
At DEF CON 30, Eclypsium researchers detailed three new vulnerabilities in third-party Windows bootloaders that were signed with Microsoft's UEFI certificates. Continue Reading
-
News
11 Aug 2022
Rapid7: Cisco ASA and ASDM flaws went unpatched for months
While several of the vulnerabilities were reported to Cisco in February, they remained unpatched until Thursday when Rapid7's Jake Baines discussed the flaws at Black Hat USA 2022. Continue Reading
-
News
11 Aug 2022
Researchers reveal Kubernetes security holes, prevention
Researchers with Palo Alto Networks took the stage at Black Hat to explain how configurations and system privileges in Kubernetes clusters can allow container escape and takeover. Continue Reading
-
News
11 Aug 2022
SentinelOne discusses the rise of data-wiping malware
During a Black Hat 2022 session, researchers showed how expectations of cyber war may differ from the reality. Continue Reading
-
News
11 Aug 2022
Zero Day Initiative launches new bug disclosure timelines
The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Continue Reading
-
News
11 Aug 2022
Google researchers dissect Android spyware, zero days
Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits. Continue Reading
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
-
Feature
10 Aug 2022
Is ethical hacking legal? And more ethical hacking advice
Is ethical hacking legal? Learn about the legality of ethical hacking, why it's important, its benefits and what organizations should look for when hiring an ethical hacker. Continue Reading
-
Feature
10 Aug 2022
Ethical hacking: How to conduct a Sticky Keys hack
Physical security is often overlooked by cybersecurity teams. Learn about physical cybersecurity attacks in step-by-step instruction on how to conduct a Windows Sticky Keys hack. Continue Reading
-
Tip
08 Aug 2022
10 top open source security testing tools
From Kali Linux to Mimikatz to Metasploit, learn about 10 open source penetration testing tools organizations can use to determine how secure their network is. Continue Reading
-
Feature
05 Aug 2022
Importance of enterprise endpoint security during a pandemic
Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it. Continue Reading
-
Feature
05 Aug 2022
Cybersecurity lessons learned from COVID-19 pandemic
Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
-
News
02 Aug 2022
July another down month in ransomware attack disclosures
July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data. Continue Reading
-
News
29 Jul 2022
Coveware: Median ransom payments dropped 51% in Q2
Coveware hypothesized that large enterprises are making themselves more expensive targets for ransomware gangs and refusing to give into high demands. Continue Reading
-
News
28 Jul 2022
Microsoft: Austrian company DSIRF selling Subzero malware
Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047. Continue Reading
-
News
28 Jul 2022
AWS adds anti-malware and PII visibility to storage
New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
-
News
27 Jul 2022
Deepfake technology risky but intriguing for enterprises
Enterprises can generate synthetic data sets with the technology. It is useful in broadcast and for advertising. However, its privacy and political implications can be dangerous. Continue Reading
-
Feature
27 Jul 2022
NFT wash trading explained
NFT popularity grew with the rise of cryptocurrency. But scams -- such as wash trading -- also increased, presenting new problems for businesses and consumers. Continue Reading
-
Definition
27 Jul 2022
data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion. Continue Reading
-
Definition
22 Jul 2022
insider threat
An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets. Continue Reading
-
News
21 Jul 2022
NCC Group observes a drop in ransomware attacks -- for now
Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up. Continue Reading
-
News
21 Jul 2022
Atlassian Confluence plugin contains hardcoded password
A flaw in Questions for Confluence, a first-party application in Atlassian Confluence, contains a hardcoded password enabling access into any vulnerable instance. Continue Reading
-
News
21 Jul 2022
SynSaber: Only 41% of ICS vulnerabilities require attention
The industrial cybersecurity vendor analyzed 681 ICS vulnerabilities that were disclosed this year and found many had a low probability of exploitation. Continue Reading
-
News
20 Jul 2022
DOJ report warns of escalating cybercrime, 'blended' threats
The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared. Continue Reading
-
Feature
20 Jul 2022
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
-
Feature
19 Jul 2022
Cyber-war game case study: Preparing for a ransomware attack
In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading
-
News
12 Jul 2022
4 critical flaws among 84 fixes in July Patch Tuesday
Microsoft's Patch Tuesday release for July brought dozens of fixes for security flaws in Windows, an Azure disaster recovery tool and the problematic Print Spooler service. Continue Reading
-
Tip
07 Jul 2022
How to create a critical infrastructure incident response plan
Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company. Continue Reading
-
News
06 Jul 2022
HackerOne incident raises concerns for insider threats
While the threat actor's motivation appears to be financial, it shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems. Continue Reading
-
Definition
06 Jul 2022
blended threat
A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion. Continue Reading
-
Feature
29 Jun 2022
A guide to MSP patch management best practices
As software patch management challenges mount, industry experts offer advice to MSPs on prioritizing system risk levels, selecting proper tools and testing patches internally. Continue Reading
-
News
28 Jun 2022
Ransomware gangs using Log4Shell to attack VMware instances
Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro. Continue Reading
-
News
28 Jun 2022
Wiz launches open database to track cloud vulnerabilities
Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues. Continue Reading
-
Feature
27 Jun 2022
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
-
Feature
27 Jun 2022
An enterprise bug bounty program vs. VDP: Which is better?
Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
-
News
24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process
While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
-
News
23 Jun 2022
Chinese HUI Loader malware ups the ante on espionage attacks
A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms. Continue Reading
-
Guest Post
23 Jun 2022
3 threats dirty data poses to the enterprise
The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
-
News
22 Jun 2022
Kaspersky unveils unknown APT actor 'ToddyCat'
The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups. Continue Reading
-
Feature
22 Jun 2022
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
-
News
22 Jun 2022
Proofpoint: Social engineering attacks slipping past users
Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions. Continue Reading
-
News
21 Jun 2022
Forescout discloses 'OT:Icefall,' 56 flaws from 10 vendors
The OT:Icefall vulnerabilities come from 10 operational technology vendors that make hardware for critical infrastructure, including Emerson, Honeywell, Motorola and more. Continue Reading
-
Podcast
16 Jun 2022
Risk & Repeat: Recapping RSA Conference 2022
This Risk & Repeat episode discusses RSA Conference 2022 and major themes, such as the evolving ransomware landscape and the government's strategy to address nation-state threats. Continue Reading
-
Tip
16 Jun 2022
How hackers use AI and machine learning to target enterprises
AI benefits security teams and cybercriminals alike. Learn how hackers use AI and machine learning to target enterprises, and get tips on preventing AI-focused cyber attacks. Continue Reading
-
News
15 Jun 2022
Alphv ransomware gang ups pressure with new extortion scheme
The ransomware operators this week launched a website for victims' employees and customers to search for any stolen personal information following an attack. Continue Reading
-
Definition
15 Jun 2022
directory traversal
Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory. Continue Reading
-
News
14 Jun 2022
Critical Atlassian Confluence flaw remains under attack
Researchers say a critical flaw in the Atlassian Confluence Data Center and Server is now being used to spread ransomware in the wild, making updates a top priority. Continue Reading
-
News
13 Jun 2022
Tenable slams Microsoft over Azure vulnerabilities
Tenable expressed its frustration after working with Microsoft on the disclosure of two cloud flaws that researchers ranked as critical, which the company later silently patched. Continue Reading
-
News
09 Jun 2022
Rob Joyce: China represents biggest long-term cyberthreat
NSA director of cybersecurity Rob Joyce spoke at RSA Conference 2022 about the cyberthreat landscape for nation-state attacks from Russia and China. Continue Reading
-
News
09 Jun 2022
CrowdStrike demonstrates dangers of container escape attacks
CrowdStrike gave a live demonstration at RSA Conference 2022 of how an attacker can use a recently discovered Kubernetes flaw to obtain full control over a container's host system. Continue Reading
-
News
09 Jun 2022
Mandiant: Cyberextortion schemes increasing pressure to pay
At RSA Conference 2022, Mandiant executives discussed how attackers are pulling out all the stops to pressure victims to pay, from DDoS attacks to harassing victims' customers. Continue Reading
-
News
07 Jun 2022
Cybereason: Paying ransoms leads to more ransomware attacks
Cybereason found that the majority of organizations that pay threat actors to decrypt data are attacked again -- usually within a month and at the hands of the same attackers. Continue Reading
-
News
06 Jun 2022
MacOS malware attacks slipping through the cracks
Apple security specialist Patrick Wardle told RSA Conference 2022 attendees that some of the worst security flaws in the macOS operating system come from overlooked bits of code. Continue Reading
-
News
03 Jun 2022
Critical Atlassian Confluence flaw exploited in the wild
No patch is currently available for the critical Atlassian bug, which affects Confluence Server and Data Center products, though one is expected by end of day Friday. Continue Reading
-
News
02 Jun 2022
Conti ransomware group targeted Intel firmware tools
A pair of Intel firmware management platforms were targeted by the notorious Conti ransomware group to create new attack techniques, according to Eclypsium researchers. Continue Reading
-
Feature
01 Jun 2022
How ransomware kill chains help detect attacks
Reconstructing cyber attacks is a key step in incident response. Learn how ransomware kill chains can help security teams detect and mitigate the consequences of an attack. Continue Reading
-
Feature
01 Jun 2022
How to improve cyber attack detection using social media
Social media has cybersecurity pros and cons. One benefit is that it can help improve cyber attack detection. These four real-world examples show how. Continue Reading
-
News
01 Jun 2022
Forescout proof-of-concept ransomware attack affects IoT, OT
Forescout's proof of concept showed how an attacker could use an IoT camera to gain access to an enterprise's IT network and then shut down operational technology hardware. Continue Reading
-
News
31 May 2022
Microsoft zero day exploited in the wild, workarounds released
A zero-day flaw in the Microsoft Support Diagnostic Tool has already been exploited in the wild. No patch is available yet, but Microsoft released temporary mitigations. Continue Reading
-
Tip
26 May 2022
Top 4 source code security best practices
Software supply chain attacks are on the rise. Follow these source code best practices to protect both in-house and third-party code. Continue Reading
-
Feature
26 May 2022
8 ways to avoid NFT scams
People and businesses are turning to NFTs to make money, trade collectibles and use as promotions. But scams are also trying to trick people and businesses out of money. Continue Reading
-
News
26 May 2022
'Pantsdown' BMC vulnerability still present in Quanta servers
Eclypsium found that a critical security flaw first disclosed in 2019 remains exposed in many internet-facing servers, leaving networks at risk for remote code execution attacks. Continue Reading
-
News
25 May 2022
Verizon DBIR: Stolen credentials led to nearly 50% of attacks
The Verizon 2022 Data Breach Investigations Report revealed enterprises' ongoing struggle with securing credentials and avoiding common mistakes such as misconfigurations. Continue Reading
-
Tip
25 May 2022
Prepare for deepfake phishing attacks in the enterprise
Deepfake phishing has already cost at least one company $243,000. Learn how cybersecurity leaders can train users to recognize this emerging attack vector. Continue Reading
-
News
24 May 2022
Verizon DBIR: Ransomware dominated threat landscape in 2021
Though ransomware became an increasingly large threat to enterprises last year, Verizon's Data Breach Investigations Report found the model may not be as profitable as expected. Continue Reading
-
News
23 May 2022
Veeam data protection aids users with secure restores
From 'nothing worked' to 'it just worked': How Veeam Software helped a Florida city out of a troublesome predicament with its legacy data backup platform. Continue Reading
-
News
23 May 2022
AdvIntel: Conti rebranding as several new ransomware groups
According to AdvIntel's research, the Conti ransomware group's attack on the Costa Rican government was part of a rebranding effort, as the gang's ransom payments had dried up. Continue Reading
-
Tip
20 May 2022
How to counter insider threats in the software supply chain
Insider threats extend beyond employees within your company to include people working at partners and third parties. Learn about these insider threats in the software supply chain. Continue Reading
-
News
19 May 2022
QNAP devices hit by DeadBolt ransomware again
DeadBolt ransomware is once again targeting QNAP's NAS devices, and the vendor is urging customers to patch immediately. Continue Reading
-
News
19 May 2022
VMware vulnerabilities under attack, CISA urges action
Administrators are grappling with four VMware vulnerabilities -- two older flaws that are under active exploitation and two new bugs that CISA believes will be exploited soon. Continue Reading
-
Tip
19 May 2022
How to conduct a cyber-war gaming exercise
A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed. Continue Reading
-
News
19 May 2022
VeeamON 2022: Backup and security union emerges as top trend
Veeam has seized an opportunity to make its products more secure amid the prevalence of cyber attacks. The vendor is also looking to expand its reach, potentially through acquisitions. Continue Reading
-
News
18 May 2022
Axie Infinity hack highlights DPRK cryptocurrency heists
The $620 million hack of developer Sky Mavis earlier this year is only the latest in a long line of cryptocurrency platform attacks conducted by North Korean nation-state actors. Continue Reading
-
Definition
17 May 2022
man in the browser (MitB)
Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions. Continue Reading
-
Guest Post
16 May 2022
How cryptocurrencies enable attackers and defenders
Threat actors use cryptocurrencies for their anonymity, but they're not as impenetrable as once thought. Discover how cryptocurrencies can help attackers and defenders alike. Continue Reading