According to AppOmni, about 31 percent of global organizations experienced a data breach in their Software-as-a-Service (SaaS) applications last year while attempting to gain visibility and control over their cloud environment.

A recent audit conducted by the Department of Justice's (DoJ) Office of the Inspector General (OIG) discovered that the FBI is exposing sensitive and classified data because of "significant weaknesses" in its inventory management and disposal of electr

The Science of Security team is pleased to announce the opening of... NSA’s Summer 2025 internship opportunities   Ads open: September 1- October 1 

A study led by the University of Michigan found that emerging self-driving vehicle networks that collaborate and communicate with one another or with infrastructure to make decisions are vulnerable to data fabrication attacks.

An ongoing campaign infects high-level organizations in Southeat Asia using two stealth techniques. The first method called "GrimResource," lets attackers run arbitrary code in the Microsoft Management Console (MMC).

Less than a week after releasing Chrome 128 to the stable channel, Google warns that another bug resolved with the update is being exploited in the wild.

California-based Patelco Credit Union has recently started informing customers and employees about a data breach after a ransomware group managed to steal information from databases containing personal information from its systems. Patelco is a me

The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend.

A long-running group has allegedly been helping cybercriminals penetrate Information Technology (IT) systems with CAPTCHA-solving services.

To combat Living Off the Land (LOTL) techniques used by Advanced Persistent Threat (APT) actors, the National Security Agency (NSA), along with international partners, has released a best practice guide for event logging.

Since 2022, a stealthy Linux malware called "sedexp" has evaded detection using a persistence technique not yet included in the MITRE ATT&CK framework.

Meta Platforms has announced that the same Iranian hacking group believed to have recently targeted both the Democratic and Republican presidential campaigns tried to compromise the WhatsApp accounts of staffers in the administrations of President Joe