Cybersecurity News

The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.

Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.

Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.

AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.

The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.

The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.

Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.

A benign looking update Dragon Boss pushed out in March 2025 established persistence via scheduled tasks and arranged for future payloads to be excluded from Windows Defender.

Threat actors know how to bypass security systems outside of traditional IT environments. Implementing 2FA could provide a needed extra security barrier in the physical world.