Can open source software be regulated? Should it be regulated? And if so, will it lead to enhanced security? In mid-September, two government's approaches...

A initial access broker (IAB) is still running rampant despite being tracked for seven years by researchers, and despite striking up a predictable tune...

In August on a stage at Black Hat USA, I described in detail how Microsoft guest accounts could gain access to view and manipulate...

State-sponsored threat actors have exploited a US aeronautical organization, using known vulnerabilities in Zoho ManageEngine software and in Fortinet firewalls.The organization has not been...

Developers are increasingly adopting security testing as part of the development pipeline, but companies still have room for improvement, with a minority of companies...

Software bills of materials are having a moment.Following an executive order issued by the Biden administration in May 2021, the software manifests, which outline...

by Paul Ducklin If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it...

The headlines have become a steady occurrence ... Kaseya, SolarWinds, 3CX, MOVEit, and there are sure to be others around the corner ... because...

The North Korean state-backed threat actor Lazarus Group has reinvented its ongoing espionage campaign by exploiting known vulnerabilities in unpatched Windows IIS Web servers...

Invicti's Patrick Vandenberg reveals findings from the company's latest AppSec report, looking at trends Invicti has recently observed and how they're evolving. Remote code...

Open source software (OSS) is mainstream today, but just because it's widely used doesn't mean it's widely understood. And this is especially true when...

RSA CONFERENCE 2023 – San Francisco – As enterprises and government agencies increasingly weave artificial intelligence (AI) and machine learning (ML) into their broader set...