A phishing campaign targeting healthcare, government, hospitality, and education sectors uses several evasion techniques to avoid detection.

GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks.

Supply chain attacks feel like they're becoming more and more common.

CTI-REALM is Microsoft’s open-source benchmark that evaluates AI agents on real-world detection engineering. It measures whether an agent can take cyber threat intelligence (CTI) and produce validated ...

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed.

Researchers attributed the compromise to TeamPCP, the same threat group linked to the aforementioned Trivy compromise and subsequent malicious Docker images. The group has been observed running a ...

The rapid convergence of web applications, cloud-native services, and Internet of Things (IoT) ecosystems has fundamentally reshaped modern communication ...

Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and ...

I’ve been writing and editing technology articles for more than seven years, most recently as part of PCMag's software team. I am responsible for content in the AI, financial, graphic design, ...