Risk

Ransomware has become so efficient, and the underground economy so professional, that traditional monetization of stolen data may be on its way out.

New analysis reveals basic regulatory password requirements fall far short of providing protection from compromise.

Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.

For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.

System of Trust includes data-driven metrics for evaluating the integrity of software, services, and suppliers.

Most local leaders lack cybersecurity resources so they don't know where their weaknesses are and which areas threat actors are most likely to target, with little focus or understanding of risk.

The online giant analyzes, patches, and maintains its own versions of open source software, and now the company plans to give others access to its libraries and components as a subscription.

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

New quantum encryption standards will stand up to spy-snooping, NSA cybersecurity director said.

Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.

Just one day after disclosure, cyberattackers are actively going after the command-injection/code-execution vulnerability in Zyxel's gear.

The conference opens with stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

The supply chain for firmware development is vast, convoluted, and growing out of control: patching security vulnerabilities can take up to two years. For cybercriminals, it's a veritable playground.