Unauthorized access was the most common type of attack in 2019, and it was responsible for 40% of all data breaches, says ForgeRock.

Increase of 37 percent from Q4 2019 to Q1 2020 attributed to creation of remote workforce due to COVID-19 stay-at-home orders.

Security pros need to double down around prevention of lateral movement by attackers, especially if IoT devices are connected to the network.

The US rail service hasn’t disclosed the number of passengers affected in a 16 April breach.

VMWare’s VMware Cloud Director has a security flaw that researchers believe could be exploited to compromise multiple customer accounts using the same cloud infrastructure.

If you're the Nextcloud admin for your company or home office, you might want to restrict who has access to the ONLYOFFICE suite of tools. Jack Wallen shows you how.

A privilege-escalation vulnerability patched in February by Microsoft continues to affect Exchange servers, with more than 80% of Internet-connected servers remaining vulnerable, one firm reports.

Researchers warn of critical flaws in SAP's Sybase Adaptive Server Enterprise software.

The stealthy backdoor is delivered via mass-market phishing emails that are well-crafted to appear convincing.

How time flies – the latest four-weekly Firefox update is out.

If you use the Nextcloud mobile app, you'll want to password protect it to ensure you don't leave your sensitive data open for anyone to see.

Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.

The platform from Sensory helps people adapt to the COVID-19 world, providing a way to unlock devices without having to remove protective face coverings.

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.

Findings from the latest FISMA report are out and while the number of total cybersecurity incidents in 2019 were down, the federal government continues to face challenges mitigating basic security vulnerabilities.

A phishing email claims to send the recipient to a VPN configuration page for home access but instead leads them to a credential-stealing site, said Abnormal Security.

A proposed class-action lawsuit accuses Google of collecting browser data from people who used private mode.

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.

The newly discovered USBCulprit malware is part of the arsenal of an APT known as Cycledek, which targets government entities.

Remote Access Trojans (RATs) can be the beginning of very bad things on your network or workstations.