Robuta

Researchers warn that hackers linked to recent social engineering attacks are targeting customer-service platforms.

The supply chain attack is raising questions about how best to deploy and secure the tools as corporations face heightened threats across the globe.

Companies are increasingly lavishing benefits on their top security executives, a recent report found.

Authorities have spent years trying to cripple the ecosystem that helps hackers hide their profits.

Senior executives and high-net-worth individuals are increasingly at risk as hackers use deepfakes, voice cloning and other tactics for targeted attacks.

The company, one of the largest title insurance firms in the U.S., is still assessing whether the attack will have a material impact on its business.

Security experts and local officials say the program is vital to protecting the country.

Customers are more likely to forgive a particular brand for putting data at risk if they trust the company, Forrester research shows.

Multiple threat groups have employed the same criminal tool kit to target vulnerable systems.

The maker of patient monitoring devices said the incident will not have a material effect on its updated financial outlook.

Researchers warn that critical infrastructure providers and government sites are being targeted by state-linked attackers.

The platform will provide a vendor-agnostic option for sharing early threat information and intelligence across industries, the group said Monday.

Hackers may be able to overload unpatched devices, the company said.

2026 is poised to be “the year of impersonation attacks” amid an explosion of AI-powered tools, a fraud prevention expert said.

Federal authorities are still working with the company to investigate a hack of Treasury Department workstations, but have not yet explained the CVEs’...

The legislation follows a wave of social engineering attacks that rocked the nation’s retail and automotive supply chains.

Experts warn that state-linked threat groups are actively searching for ways to disrupt the industry amid growing power demand in the U.S.

Energy storage and other new distributed energy resources could be particularly vulnerable to cyberattack, according to a panel hosted by the Clean Energy...

The New York City-based firm recently found that unauthorized individuals hacked its systems and claimed to have acquired confidential information.

The CodeBreach vulnerability could have enabled a massive supply chain attack, researchers warn.

Security leaders are also focused on the convergence of IT and operational technology as business continuity becomes a major concern.

IT defenders think many of their security tools aren’t ready for AI-powered cyberattacks, according to a new report.

The Joint Cyber Defense Collaborative dedicated its 2023 agenda to particularly vulnerable sectors and open source use in industrial systems.

Hackers are exploiting the vulnerability in tandem with a previously disclosed CVE, to bypass authentication measures and take control of an affected system.

Researchers discovered a technique that allows threat actors to maintain read-only access to vulnerable FortiGate devices after they are patched.

Welcome to our 2024 Cybersecurity Forecast Series! This is the second of our four expert blogs where we unveil key predictions for AI advancements, discuss...

Manufacturing and energy firms saw some of the biggest increases in malware activity targeting connected devices.

A new report also found that American executives are more bullish on AI's potential than their British counterparts.

CEO announces security and governance reforms inside the company, including the adoption of secure-by-design practices.

It remains unclear if the new system will include liability protections that companies say are necessary.

Nation states are combining old techniques with newer methods to establish persistence and steal valuable data from organizations.

Researchers are tracking hundreds of cases around the world and warning that the risk is more serious than previously known.

The Senate Intelligence Committee’s chairman voiced concern about foreign adversaries tampering with code.

Two of the largest telecom providers in the U.S. said the China-government sponsored threat group is no longer embedded in their networks.

Most of the leaders of the agency’s operating divisions and regional offices have left or will leave this month amid the Trump administration’s aggressive...

The agency is launching a cybersecurity playbook for healthcare providers and said it will publish a "significant update" to its 2014...

The government is worried about hackers accessing systems through insecure and poorly monitored routers, firewalls and similar equipment at the network...

Authorities have described Pyongyang’s revenue-generating schemes as threats to U.S. national and economic security.

The information security industry feared a lapse would lead to industrywide exposures of software vulnerabilities.

The household product maker said the incident damaged IT systems and will have a material effect on its fiscal Q1 performance.

Attackers can use the chained vulnerabilities to execute remote commands after a user initiates a print job.

Threat actors are exploiting known weak points and enterprises’ dependency across the tech stack. It’s making cybersecurity professionals’ jobs harder...

As industry returns from the holiday break, organizations are assessing potential security threats from Log4j, ranging from coin miners to hands-on-keyboard...

The federal agency plans to develop guidance to organizations about various AI use cases.

The guidelines from CISA and the NSA come amid a growing movement to “shift left” and evaluate software security earlier in the development cycle.

“We are all in an arms race to protect this ecosystem, to protect the network,” Visa CEO Ryan McInerney said at an investor conference last week.

The U.S. and its allies warned that defenders should take the hackers seriously, despite the attackers’ pattern of exaggerating their actual impact.

A special report blames county officials for ignoring FBI warnings during the 2022 attack and an overall failure of IT and security leadership.

Amit Yoran claims Microsoft failed to acknowledge a critical vulnerability in Azure until Tenable said it would go public.

A plan to transfer cybersecurity and resilience responsibilities to states could have major unintended consequences.

For now, the capability remains in the hands of nation-state actors. But "sophistication can ultimately be bought," Edison Electric...

Employees in fields like health care and finance trust AI more than they trust their colleagues, according to a new report.

Axis Communications is the first major surveillance camera maker to vow to adhere to CISA’s security guidelines.

Private sector partners say the rollout will raise the security bar to better protect the entire defense industry ecosystem.

A steady stream of threats and new regulations have executives tiptoeing around how to best detail security incidents.

CISA warned civilian agencies to immediately patch systems before Christmas break as researchers see an increase in malicious activity targeting organizations...

The threat groups, identified as UNC6040 and UNC6395, have used different tactics to gain access to data.

The document says it's important to reference the International Medical Device Regulators Forum's cybersecurity guidance, and policies...

Internet of Things device makers are eager to participate, but the commission’s concerns about its lead administrator have halted progress of the U.S. Cyber...

As the Securities and Exchange Commission builds investor protections on sustainable investing, CFOs can look to the agency's approach to...

A new survey illustrates the defense industrial base’s fragmented security posture.

The chairman testified before British lawmakers following a major social-engineering attack on the department-store chain.

The SolarWinds attack has opened a deeper conversation about the role of the federal government in coordinating cybersecurity policy and sharing...

The problem isn’t limited to legacy technology. New devices are exposed with critical vulnerabilities.

While the company has not disclosed the attack vector, one expert said its quick recovery could be a post-breach success story.

The Supreme Court decision could have major ramifications for federal agencies that rely on old laws to tackle digital-era policy challenges, legal...

In an open letter, Patrick Opet said third-party vendors need to embrace secure development practices over speed to market.

The changes would require broker-dealers and other entities to adopt written plans to minimize risk and promptly disclose major incidents.

Mandiant research shows threat actors exposing highly sensitive data amid increased attacks against industrial targets.

The World Economic Forum’s wide-ranging new report also found strong global support for cyber regulation.

Four in 10 finance leaders said quantified risk reduction would make it easier to justify a cybersecurity spending hike.

CISA and OMB released an attestation form to ensure compliance with secure development practices.

The House Energy and Commerce Committee issued a report outlining six strategies for strengthening the nation's defenses against cybersecurity...

The group overhauled its internal security policies and named a board-level subcommittee as part of its ongoing attack recovery.

The company urged customers to immediately reconfigure affected products.

The flaw, when chained together with a prior vulnerability, can allow an attacker to gain access to unpatched firewalls.

About 93% of IT security professionals don't report directly to their CEO, while a majority do not provide security updates to their boards of...

Stolen credentials are becoming a more prevalent form of initial access, a report from Mandiant shows.

Microsoft researchers warn they are seeing changing patterns as the cybercrime group has started trying to hack airlines and other industries after targeting...

Commissioners sharply disagreed over whether the rules were appropriate and necessary.

The open-source platform is widely used across enterprise environments, leaving thousands of instances at risk.

CVE-2025-0282, a critical vulnerability that affects Ivanti’s Connect Secure, Policy Secure and ZTA Gateway products, was disclosed and patched in January.

Bad actors are finding novel methods of attacking cloud-native environments, raising new security challenges for developers.

Limited resources, staffing and executive awareness can hamper attack response capabilities.

Researchers outline a campaign targeting U.S. companies, and CISA warns of attacks on government services and IT firms.

The latest round of sweeping layoffs could hamper the business community’s collaboration with the beleaguered cyber agency.

U.S. Treasury report shows drop in threat activity in the wake of aggressive takedown efforts.

Companies have built their security strategies around phishing simulations and educational webinars, tactics that research shows are ineffective.

The combination yields a major player in cyber-physical security and exposure management.

The agency was seeking prompt reporting of material cyber breaches and attacks, but faced a range of concerns from stakeholders.

A catastrophic cyberattack at Jaguar Land Rover is forcing governments and industrial leaders to address urgent demands for business resilience and...

Default-deny, strict controls and real-time monitoring: how to stop threats before they start.

Researchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group linked itself to the...

In today’s digital economy, trust isn’t a given, it’s engineered across the entire supply chain.

"We are seeing more broad based cyber incidents from our adversaries who are growing more aggressive," said Brandon Wales, CISA acting...

Network perimeters are gone. Modern security solutions must be proactive, dynamic and intelligent.

A new report stresses the importance of logging, network segmentation and strong authentication, among other practices.