Palo Alto Network’s incident response firm said identity-based attacks are exploding as poor security controls stretch across a widening mosaic of integrated tools and systems.

Ransomware negotiators dish on being in a ‘moral gray zone,’ unrestricted by accountability or industrywide rules of engagement.

Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate…

Attacker interest in the vulnerability is magnified by an unparalleled number of publicly available exploits, earning the defect the highest verified public exploit count of any CVE…

Researchers warn that half of the exposed vulnerable instances remain unpatched as in-the-wild exploitation grows rapidly.

A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.

Palo Alto Networks researchers haven’t been able to identify who’s behind the commercial-grade tech yet.

Microsoft addressed the critical vulnerability earlier this month, but had to issue an emergency update to resolve issues it previously missed.

The China-linked operation has grown from a phishing kit marketplace into an active and growing community supporting a decentralized large-scale phishing ecosystem.

Phantom Taurus has stolen sensitive data from ministries of foreign affairs, embassies, diplomats and telecom networks in the Middle East, Africa and Asia, researchers said.