Application and platform security
Application and platform security is the basis for preventing vulnerabilities and attacks. Learn the latest about application attacks, secure software development, patch management, OS security, virtualization, open source security, API security, web app and server security and more.
Top Stories
- Tip, 29 Oct 2025: Set up MFA in Microsoft 365 to safeguard data
  Learn how to set up multifactor authentication in Microsoft 365 to enhance security, prevent unauthorized access and protect critical business data across the organization.
  By Helen Searle-Jones, Tritech Group
- Tutorial, 27 Oct 2025: Checking Exchange Online health with PowerShell automation
  Learn how to use scripts to streamline Exchange Online monitoring, produce reports and address issues related to mail flow and other key areas before they affect your organization.
  By Liam Cleary, SharePlicity
- Tip, 21 Oct 2025: CSPM vs. DSPM: Complementary security posture tools
  CSPM delivers important information on cloud configuration status. DSPM details the security posture of data, whether it's in the cloud or an on-premises environment.
  By Dave Shackleford, Voodoo Security
- Answer, 20 Oct 2025: 6 steps to increase Android security in the enterprise
  Android is just as secure as its competitors' OSes, but IT should still remain vigilant. Here are six steps to secure Android devices for the enterprise.
- Opinion, 10 Oct 2025: Your browser is an AI-enabled OS, so secure it like one
  With AI capabilities and 87+ browser-based apps per organization, browsers have evolved into OSes that demand enterprise-grade security and management strategies.
  By Gabe Knuth, Principal Analyst
- Opinion, 03 Oct 2025: HashiConf highlights security opportunities to support scale
  HashiCorp's latest tools and updates help security teams collaborate with DevOps teams for efficient, scalable cloud security.
  By Melinda Marks, Practice Director
- Tip, 26 Sep 2025: 7 key types of application security testing
  Modern application development moves at unprecedented speed. Is your security testing keeping pace so that apps are secure when they reach production?
- Tip, 24 Sep 2025: 7 API discovery best practices for complete visibility
  Secure your API landscape with these API discovery best practices spanning the entire SDLC. Find hidden endpoints, audit integrations and monitor continuously.
- Tip, 22 Sep 2025: 8 best practices for securing RESTful APIs
  The REST architectural style helps applications communicate with each other. Be sure RESTful APIs have the protections necessary to keep attackers at bay.
  By Ravi Das, ML Tech Inc.
- News, 18 Sep 2025: Harness takes aim at AI 'bottleneck' with DevSecOps agents
  The vendor's new agentic features are included in products that already have a track record in AI-driven automation, as coding agents swamp software delivery pipelines.
  By Beth Pariseau, Senior News Writer
- Tip, 11 Sep 2025: Positive vs. negative security: Choosing an AppSec model
  Understand the benefits and challenges of positive and negative security models to determine how to best protect web apps in your organization.
- Definition, 03 Sep 2025: What is file integrity monitoring (FIM)?
  File Integrity Monitoring (FIM) is a security process that continuously monitors and analyzes the integrity of an organization's assets by comparing them against a trusted baseline to detect unauthorized changes or suspicious activity.
  By Kinza Yasar, Technical Writer
- Tip, 25 Aug 2025: Red teams and AI: 5 ways to use LLMs for penetration testing
  Red teams can harness the power of LLMs for penetration testing. From session analysis to payload crafting, discover five ways AI transforms security testing.
  By Ed Moyle, SecurityCurve
- News, 20 Aug 2025: How to vibe code with security in mind
  As more organizations integrate vibe coding and AI-assisted coding into their application development processes, it's important to remember to put security first.
- Tip, 20 Aug 2025: Use an AI gateway to secure AI models and applications
  AI gateways provide critical security controls for enterprise AI applications, preventing data loss while managing access.
  By Amy Larsen DeCarlo, GlobalData
- Tip, 18 Aug 2025: Shift left with these 11 DevSecOps best practices
  By starting small, automating selectively and making security the easiest path forward, organizations can improve DevOps security without sacrificing development speed.
- Definition, 13 Aug 2025: What is governance, risk and compliance (GRC)?
  Governance, risk and compliance (GRC) refers to an organization's strategy, or framework, for handling the interdependencies of the following three components: corporate governance policies, enterprise risk management programs, and regulatory and company compliance.
  By Alexander S. Gillis, Technical Writer and Editor; Kinza Yasar, Technical Writer; Paul Kirvan
- News, 12 Aug 2025: August Patch Tuesday addresses 107 vulnerabilities
  Admins have no zero-days this month, but organizations that still rely on Exchange Server or SharePoint Server will have several serious flaws to resolve.
  By Tom Walat, Site Editor
- Tip, 08 Aug 2025: How to prevent DoS attacks and what to do if they happen
  The worst DoS attacks are like digital tsunamis that put critical business operations at risk. Learn how they work, ways to stop them and how systems can withstand the flood.
- News, 08 Aug 2025: Researcher deploys fuzzer to test autonomous vehicle safety
  As autonomous vehicles continue to evolve, new research highlights the importance of rigorous security testing to protect against both intentional attacks and unintentional unsafe commands in teleoperation systems.
- Opinion, 07 Aug 2025: 3 eye-catching vendor announcements from Black Hat
  At Black Hat 2025, some vendors had intriguing acquisitions and announcements in the realms of shadow AI, unmanaged devices and browser security.
  By Gabe Knuth, Principal Analyst; Omdia (Intelligence and advice powered by decades of global expertise and comprehensive coverage of the tech markets)
- Tip, 06 Aug 2025: Understanding Android certificate management
  Discover how to effectively manage digital certificates on Android devices, including installation methods, EMM tools and best practices for enterprise security.
- Video, 05 Aug 2025: AI security: Top experts weigh in on the why and how
  AI is everywhere, so security focus on this new technology is essential. In this podcast episode, three top security experts review the risks and discuss ways to mitigate them.
- Opinion, 01 Aug 2025: Black Hat 2025: Navigating AI and supply chain security
  Experts at the conference will discuss how AI impacts software supply chain security, highlighting challenges and strategies for developers and security teams.
  By Melinda Marks, Practice Director; Omdia
- Tip, 31 Jul 2025: How liveness detection catches deepfakes and spoofing attacks
  Biometric liveness detection can stop fake users in their tracks. Learn how the technology works to distinguish real humans from deepfakes and other spoofing attacks.
  By Karen Scarfone, Scarfone Cybersecurity
- Tip, 30 Jul 2025: How to manage Windows Server in an air-gapped environment
  This guide explains the essential security practices, backup methods and configuration techniques admins can use when working in these sensitive environments.
  By Dwayne Rendell, Triskele Labs
- Tutorial, 29 Jul 2025: Secure Windows with Microsoft's Security Compliance Toolkit
  Learn how to work with the tools and security baselines provided by Microsoft to tighten the defenses in the Windows environment.
- News, 29 Jul 2025: What Amazon Q prompt injection reveals about AI security
  Experts say a malicious prompt injection in the Amazon Q extension for VS Code doesn't represent a fundamentally new threat, but reflects how AI amplifies security risks.
  By Beth Pariseau, Senior News Writer
- News, 29 Jul 2025: Big vendors back Linux Foundation agentic workflows project
  Agntcy overlaps with MCP and Agent2Agent but adds proposed standards for a broader range of network layers in the still-emerging 'internet of agents.'
  By Beth Pariseau, Senior News Writer
- Feature, 28 Jul 2025: How to become a bug bounty hunter
  With the right strategy, tools and skills, software testers and security researchers can earn extra income as bug bounty hunters.
  By Rob Shapland; Alissa Irei, Senior Site Editor
- Tip, 25 Jul 2025: How to discover and manage shadow APIs
  Connecting applications, especially if external-facing, with unapproved APIs is a recipe for disaster. Detecting and managing shadow APIs is vital to keeping the company secure.
  By Dave Shackleford, Voodoo Security
- Tip, 23 Jul 2025: Top DevSecOps certifications and trainings for 2025
  DevOps Institute, Practical DevSecOps, EXIN and EC-Council are among the organizations that offer DevSecOps certifications and trainings for cybersecurity professionals.
- Tip, 17 Jul 2025: How to detect and fix a rooted Android phone
  Rooting is a unique threat for enterprise mobile devices, but there are signs Android administrators and users can look for to detect it and steps they can take to fix it.
- Tip, 15 Jul 2025: What is cybersecurity mesh? Key applications and benefits
  Is it time to consider a different approach to security architecture? Cybersecurity mesh might be an effective way to address complex, distributed environments.
  By Ed Moyle, SecurityCurve
- News, 08 Jul 2025: Microsoft targets 130 vulnerabilities on July Patch Tuesday
  Admins will want to focus on issuing corrections for the large number of flaws, some of which require no user interaction, in Windows RRAS and Microsoft Office.
  By Tom Walat, Site Editor
- Feature, 08 Jul 2025: How to implement zero trust: 7 expert steps
  Zero trust means a lot more than determining how users access resources. Successful implementation takes time, commitment and ongoing support.
  By Karen Scarfone, Scarfone Cybersecurity; Alissa Irei, Senior Site Editor
- Tip, 07 Jul 2025: How to detect and fix a jailbroken iPhone
  Jailbroken devices can give rise to security threats for users and organizations alike. Learn how to prevent, detect and remove jailbreaking on enterprise iPhones.
- Feature, 07 Jul 2025: What is the future of cybersecurity?
  As cyberthreats grow more sophisticated, enterprises face mounting challenges. What does the future of cybersecurity hold, and how can organizations stay ahead?
  By Karen Scarfone, Scarfone Cybersecurity
- Definition, 02 Jul 2025: What is a message authentication code (MAC)? How it works and best practices
  A message authentication code (MAC) is a cryptographic checksum applied to a message to guarantee its integrity and authenticity.
  By Alexander S. Gillis, Technical Writer and Editor; Robert Sheldon
- Tip, 27 Jun 2025: 12 DevSecOps tools to secure each step of the SDLC
  DevSecOps tools integrate security throughout development. These 12 options enhance workflows from coding to deployment without slowing teams down.
- Tip, 27 Jun 2025: SBOM formats explained: Guide for enterprises
  SBOMs inventory software components to help enhance security by tracking vulnerabilities. Teams have three standard SBOM formats to choose from: CycloneDX, SPDX and SWID tags.
  By Ravi Das, ML Tech Inc.
- Tip, 27 Jun 2025: Cybersecurity skills gap: Why it exists and how to address it
  The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem.
  By Karen Scarfone, Scarfone Cybersecurity
- Tip, 25 Jun 2025: 10 remote work cybersecurity risks and how to prevent them
  Larger attack surfaces, limited oversight of data use, AI-driven attacks and vulnerable enterprise technologies are among the security risks faced in remote work environments.
- Tutorial, 23 Jun 2025: Update Kali Linux to the latest software repository key
  Kali Linux users might encounter errors when they update or download new software, exposing systems to security threats. A new repository key will eliminate those problems.
  By Damon Garn, Cogspinner Coaction
- Podcast, 18 Jun 2025: Mitigating AI's unique risks with AI monitoring
  Coralogix CEO highlights the difference between AI and software monitoring, as illustrated by his company's acquisition and product expansion this year.
  By Beth Pariseau, Senior News Writer
- Feature, 18 Jun 2025: TikTok bans explained: Everything you need to know
  The United States government takes aim at the viral video sharing application TikTok.
  By Ben Lutkevich, Site Editor
- Definition, 18 Jun 2025: What is an attack surface? Examples and best practices
  An attack surface is the total number of possible entry points and attack vectors an organization or system has that are susceptible to unauthorized access.
  By Alexander S. Gillis, Technical Writer and Editor; Katie Terrell Hanna
- Tip, 17 Jun 2025: How to create an SBOM: Example and free template
  SBOMs provide an inventory of every component in an organization's software supply chain. Use this free downloadable SBOM template to create one for your organization.
- Definition, 16 Jun 2025: What is HMAC (Hash-Based Message Authentication Code)?
  Hash-based message authentication code (HMAC) is a message encryption method that uses a cryptographic key with a hash function.
  By Scott Robinson, New Era Technology; Rahul Awati
- Tip, 13 Jun 2025: How to deploy Windows LAPS for tighter security
  Microsoft improved the feature that automates local administrator password management in Windows Server and the client OS. This tutorial explains the updates and how to set it up.
- News, 12 Jun 2025: Datadog AI agent observability, security seek to boost trust
  As AI agents mature, new tools aim to bolster their reliability and security with fresh visibility into automation workflows and more detailed troubleshooting.
  By Beth Pariseau, Senior News Writer
- News, 10 Jun 2025: June Patch Tuesday resolves Windows zero-day
  Microsoft fixes 66 bugs, including an actively exploited WebDAV remote-code execution flaw, but the BadSuccessor vulnerability remains unpatched.
  By Tom Walat, Site Editor
- Guest Post, 10 Jun 2025: How to implement effective app and API security controls
  Security leaders must implement multilayered strategies combining threat modeling, balanced controls, cloud-first approaches and more to protect apps and APIs from evolving threats.
  By William Dupre, Gartner
- News, 03 Jun 2025: HashiCorp Terraform leads IBM, Red Hat integration roadmap
  HashiCorp and IBM have begun to knit together products such as Terraform and Ansible and divulged some roadmap details, but a few potential product overlaps are still unresolved.
  By Beth Pariseau, Senior News Writer
- Tip, 02 Jun 2025: The DOGE effect on cybersecurity: Efficiency vs. risk
  The DOGE effect on security is a complex issue. Pursuit of efficiency might be a legitimate goal, but experts caution it can conflict with cybersecurity defenses.
- Video, 02 Jun 2025: The DOGE effect on cyber: What's happened and what's next?
  In this webinar, part of 'CISO Insights' series, cybersecurity experts debate the pros and cons of the Department of Government Efficiency's actions and the impact on their field.
- News, 30 May 2025: Software supply chain security tools take on toil for users
  Recent updates from software supply chain security vendors simply take over vulnerability management on behalf of IT orgs, rather than provide facilitating tools.
  By Beth Pariseau, Senior News Writer
- Tip, 29 May 2025: Security risks of AI-generated code and how to manage them
  Application security teams are understandably worried about how developers use GenAI and LLMs to create code. But it's not all doom and gloom; GenAI can help secure code, too.
- Tip, 28 May 2025: Comparing Windows Hello vs. Windows Hello for Business
  Windows Hello allows desktop admins to manage local Windows authentication with new tools, but the difference between the free and business versions is critical for IT to know.
- Definition, 21 May 2025: What is a passkey?
  A passkey is an alternative user authentication method that eliminates the need for usernames and passwords.
  By Mary E. Shacklett, Transworld Data; Amanda Stevens
- News, 19 May 2025: New GitHub Copilot agent edges into DevOps
  The GitHub Copilot coding agent can take on toilsome tasks such as bug fixes and code reviews with its own GitHub Actions pull requests.
  By Beth Pariseau, Senior News Writer
- News, 16 May 2025: News brief: Patch critical SAP, Samsung and chat app flaws now
  Check out the latest security news from the Informa TechTarget team.
- Definition, 16 May 2025: What is risk appetite?
  Risk appetite is the amount of risk an organization or investor is willing to take in pursuit of objectives it deems have value.
  By Alexander S. Gillis, Technical Writer and Editor
- Definition, 14 May 2025: What is penetration testing?
  A penetration test, also called a 'pen test,' is a simulated cyberattack on a computer system, network or application to identify and highlight vulnerabilities in an organization's security posture.
  By Kinza Yasar, Technical Writer; Puneet Mehta, SDG
- News, 13 May 2025: Microsoft tackles 5 Windows zero-days on May Patch Tuesday
  The company addresses 72 unique CVEs this month, but several AI features bundled in a larger-than-usual update could bog down some networks.
  By Tom Walat, Site Editor
- Tip, 07 May 2025: 10 leading open source application security testing tools
  Security testing enables companies to discover and remediate vulnerabilities and weaknesses in apps before malicious actors find them.
- News, 02 May 2025: Independent lab crowns new WAAP product among its leaders
  An API security specialist's newly launched WAAP product outranked more established WAF competitors during independent benchmark testing.
  By Beth Pariseau, Senior News Writer
- News, 24 Apr 2025: Software supply chain security AI agents take action
  Three software supply chain security vendors join the AI agent trend that is sweeping tech, as AI-generated code threatens to overwhelm human security pros.
  By Beth Pariseau, Senior News Writer
- Opinion, 22 Apr 2025: 3 EUC security topics I'll be looking for at RSAC 2025
  There will be a ton of security topics that RSA Conference-goers can check out, but IT admins should be aware of three common themes surrounding email and endpoints.
  By Gabe Knuth, Principal Analyst; Omdia
- News, 22 Apr 2025: Docker plans Model Context Protocol security boost
  Docker said it plans new tools integrating the emerging agentic AI standard protocol into existing workflows, including security controls.
  By Beth Pariseau, Senior News Writer
- Tip, 18 Apr 2025: Try these strategies to modernize Windows workloads
  Legacy applications create tough choices for admins who must balance business needs and security. This article covers these challenges and modernization strategies.
  By Dwayne Rendell, Triskele Labs
- News, 18 Apr 2025: Availity eyes GitLab Duo with Amazon Q for code refactoring
  The healthcare network's release engineering team is testing the new AI agent pairing to help with code consolidation, modernization and risk mitigation.
  By Beth Pariseau, Senior News Writer
- Definition, 16 Apr 2025: What is Pretty Good Privacy and how does it work?
  Pretty Good Privacy, or PGP, was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.
  By Alexander S. Gillis, Technical Writer and Editor; Peter Loshin, Former Senior Technology Editor; Rob Wright, Senior News Director, Dark Reading
- News, 09 Apr 2025: Exploited Windows zero-day addressed on April Patch Tuesday
  Microsoft delivers fixes for 121 vulnerabilities with 11 rated critical this month. Admins will have extra mitigation work to correct three flaws.
  By Tom Walat, Site Editor
- Tip, 04 Apr 2025: Generative AI security best practices to mitigate risks
  When tackling AI security issues, enterprises should minimize shadow IT risks, establish an AI governance council and train employees on the proper use of AI tools.
  By Irwin Lazar, Metrigy Research
- News, 02 Apr 2025: Model Context Protocol fever spreads in cloud-native world
  The Anthropic-led spec for AI agent tool connections gains further momentum this week, with support from cloud-native infrastructure vendors such as Kubiya and Solo.io.
  By Beth Pariseau, Senior News Writer
- Opinion, 01 Apr 2025: How ESET is using AI PCs to boost endpoint security
  While AI PCs show legitimate promise, the rock-solid use cases haven't been as prominent. However, security vendor ESET is showing more concrete applications of this technology.
  By Gabe Knuth, Principal Analyst; Omdia
- Tip, 28 Mar 2025: Follow Patch Tuesday best practices for optimal results
  Microsoft releases most security updates on Patch Tuesday, a day that brings anxiety to many sys admins. Learn how to develop a strategy to test and deploy these fixes.
- Opinion, 27 Mar 2025: What the $32B Google-Wiz deal says about cloud-native security
  Google's acquisition of Wiz for $32 billion highlights the importance of cloud-native security as organizations transition to microservices and containerization.
  By Melinda Marks, Practice Director; Omdia
- Tip, 21 Mar 2025: Does using DeepSeek create security risks?
  The Chinese AI chatbot, despite its efficiency and customizability, raises serious concerns about data privacy, censorship and security vulnerabilities for business users.
- Tip, 20 Mar 2025: 13 API security best practices to protect your business
  APIs are the backbone of most modern applications, and companies must build in API security from the start. Follow these guidelines to design, deploy and protect your APIs.
  By Dave Shackleford, Voodoo Security; Michael Cobb
- Feature, 20 Mar 2025: 3 types of deepfake detection technology and how they work
  Think you're talking to your boss on Zoom? You might want to think again. Deepfake technology has already cost enterprises millions of dollars. Here's how to fight fire with fire.
  By Alissa Irei, Senior Site Editor
- Opinion, 20 Mar 2025: How to sideload iOS apps and why it's dangerous
  IT professionals might think the hassle of jailbreaking a device deters users from sideloading iOS apps. Learn the other methods users turn to and why it's still dangerous.
  By Andrew Froehlich, West Gate Networks; Kyle Johnson, Technology Editor
- Tip, 19 Mar 2025: The Microsoft patch management guide for admins
  Microsoft recently added WSUS to its deprecation list. Now that the battle-tested patch management tool's days are numbered, what are the alternatives from the company?
- Definition, 18 Mar 2025: What is security by design?
  Security by design is an approach to software and hardware development that seeks to make systems as free of vulnerabilities and impervious to attack as possible through such measures as continuous testing, authentication safeguards and adherence to best programming practices.
- Answer, 18 Mar 2025: How do competition laws affect Apple's sideloading policies?
  The EU's Digital Markets Act has caused Apple to allow sideloading in certain regions. This change could have broader effects on Apple's operations, mobile security and IT teams.
- News, 17 Mar 2025: GitHub Actions supply chain attack spotlights CI/CD risks
  Experts say a GitHub Actions vulnerability should renew enterprises' attention to securing build pipelines the same way they secure production environments.
  By Beth Pariseau, Senior News Writer
- Tip, 17 Mar 2025: 5 fundamental strategies for REST API authentication
  Implementing an effective REST API authentication strategy can help protect users and their data while maintaining a seamless data exchange across boundaries.
  By Priyank Gupta, Sahaj Software
- Definition, 17 Mar 2025: What is a buffer overflow? How do these types of attacks work?
  A buffer overflow occurs when a program or process attempts to write more data to a fixed-length block of memory, or buffer, than the buffer is allocated to hold.
- Tip, 14 Mar 2025: How to secure AI infrastructure: Best practices
  AI tools are creating an even greater attack surface for malicious hackers to penetrate. But there are steps you can take to ensure your organization's AI foundation remains safe.
  By Jerald Murphy, Nemertes Research
- Tip, 13 Mar 2025: How to build an application security program
  A well-defined application security program that includes multilayer software testing, SBOMs, and documentation and standards is vital to protect apps from threat actors.
- News, 11 Mar 2025: March Patch Tuesday fixes 6 Windows zero-day exploits
  All the vulnerabilities that had been actively exploited in the wild will get resolved quickly by deploying the Windows cumulative update for this month.
  By Tom Walat, Site Editor
- Feature, 11 Mar 2025: Incident response for web application attacks
  Web app security is like learning to ride a bike -- expect to struggle before getting it right. But don't be disheartened; learn from prior incidents to improve controls.
  By Kyle Johnson, Technology Editor; Manning Publications Co.
- Definition, 11 Mar 2025: What is a rootkit?
  A rootkit is a program or a collection of malicious software tools that give a threat actor remote access to and control over a computer or other system.
  By Scott Robinson, New Era Technology; Mary E. Shacklett, Transworld Data; Linda Rosencrance
- News, 28 Feb 2025: Microsoft targets AI deepfake cybercrime network in lawsuit
  Microsoft alleges that defendants used stolen Azure OpenAI API keys and special software to bypass content guardrails and generate illicit AI deepfakes for payment.
  By Alexander Culafi, Senior News Writer, Dark Reading
- Tip, 28 Feb 2025: Why and how to create Azure service principals
  Service principals are a convenient and secure way to protect Azure resources. Follow this step-by-step guide to create a service principal that defends vital Azure workloads.
- News, 27 Feb 2025: FBI: Lazarus Group behind $1.5 billion Bybit heist
  Researchers say the heist, in which North Korean state-sponsored hackers stole funds from a cold wallet, is the biggest theft in the history of the cryptocurrency industry.
  By Arielle Waldman, Features Writer, Dark Reading
- Definition, 27 Feb 2025: What is a domain controller?
  A domain controller is a server that processes requests for authentication from users and computers within a computer domain.
  By Gavin Wright; Peter Loshin, Former Senior Technology Editor
- Tip, 26 Feb 2025: How to improve third-party API integration security
  External API integrations are critical, but so is managing third-party API risks to maintain customer trust, remain compliant and ensure long-term operational resilience.
  By Jerald Murphy, Nemertes Research
- Tip, 25 Feb 2025: WAF vs. RASP for web app security: What's the difference?
  Web application firewalls use a negative security model, while runtime application self-protection tools use a positive security model. Which is better at keeping apps secure?
- Definition, 21 Feb 2025: What is application allowlisting?
  Application allowlisting, previously known as 'application whitelisting,' is the practice of specifying an index of approved software applications or executable files that are permitted to be present and active on a computer system.
  By Mary E. Shacklett, Transworld Data; Brien Posey; Peter Loshin, Former Senior Technology Editor
- Tip, 21 Feb 2025: 3 ways to retool UC platform security architecture models
  Hybrid workers moving between home and office environments create a UC security gap. But adopting modern tools to augment traditional security policies can mitigate risks.
  By Andrew Froehlich, West Gate Networks