Microsoft has warned on a new breed of patient ransomware attacks that lurk in networks for weeks before striking.

Two new reports suggest a massive gap between how organizations have prepared their cybersecurity defenses and the reality of their efficacy.

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

Even with more security issues published on Patch Tuesdays, the total number of software flaws dropped for the first three months of 2020, according to one tally.

Protecting your Linux servers against SYN attacks and IP spoofing isn't nearly as hard you think. Jack Wallen shows you how.

The lawsuit, filed against Google by Arizona's Attorney General, alleges that the tech giant uses “deceptive and unfair conduct” to obtain users’ location data.

Small and midsize businesses are better at cyber resilience than you might think.

The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.

If you use Bitwarden as your password manager of choice, you owe it to yourself to enable two-factor authentication.

Attackers compromised six Cisco VIRL-PE servers that are affected by critical SaltStack vulnerabilities.

Once considered a loader for other malware, Valak regularly conducts reconnaissance and steals information and credentials, new analysis shows.

Opsec mistakes lead a Check Point researcher to an individual in Brazil who was behind a longtime hacking campaign.

Octopus Scanner is a new malware used to compromise 26 open source projects in a massive GitHub supply chain attack.

The DDoS group sets itself apart by using exploits — but it doesn't always pan out.