Risk

The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.

Most local leaders lack cybersecurity resources so they don't know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk.

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.