Can open source software be regulated? Should it be regulated? And if so, will it lead to enhanced security? In mid-September, two government's approaches...

A initial access broker (IAB) is still running rampant despite being tracked for seven years by researchers, and despite striking up a predictable tune...

In August on a stage at Black Hat USA, I described in detail how Microsoft guest accounts could gain access to view and manipulate...

State-sponsored threat actors have exploited a US aeronautical organization, using known vulnerabilities in Zoho ManageEngine software and in Fortinet firewalls.The organization has not been...

Developers are increasingly adopting security testing as part of the development pipeline, but companies still have room for improvement, with a minority of companies...

by Paul Ducklin If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it...

The North Korean state-backed threat actor Lazarus Group has reinvented its ongoing espionage campaign by exploiting known vulnerabilities in unpatched Windows IIS Web servers...

RSA CONFERENCE 2023 – San Francisco – As enterprises and government agencies increasingly weave artificial intelligence (AI) and machine learning (ML) into their broader set...

by Paul Ducklin Logging software has made cyberinsecurity headlines many times before, notably in the case of the Apache Log4J...

by Paul Ducklin We’ve written before, back in 2022, about a code execution hole in the widely-used JavaScript sandbox system...

Keeping applications and networks secure can seem like a Sisyphean task. No matter how much time and resources security and IT teams devote to...

Keeping applications and networks secure can seem like a Sisyphean task. No matter how much time and resources security and IT teams devote to...