GenAI’s 30%-50% coding productivity boost comes with a downside — it’s also generating vulnerabilities. Veracode’s Chris Wysopal talks about what he finds out in this News Desk interview during Black Hat USA.
Author: Becky Bracken, Senior Editor, Dark Reading
BlackBasta Ransomware Brand Picks Up Where Conti Left Off
New analysis says law enforcement efforts against Russian-language ransomware-as-a-service (RaaS) infrastructure helped consolidate influence behind BlackBasta, but some experts aren’t so sure the brand means that much.
MITRE: Cross-Site Scripting Is 2024’s Most Dangerous Software Weakness
In addition to XSS, MITRE and CISA’s 2024 list of the 25 most dangerous security vulnerability types (CWEs) also flagged out-of-bounds write, SQL injection, CSRF, and path traversal.
Russia Kneecaps Ukraine Army Recruitment With Spoofed ‘Civil Defense’ App
Posing as an application used to locate Ukrainian military recruiters, a Kremlin-backed hacking initiative delivers malware, along with disinformation designed to undermine sign-ups for soldiers in the war against Russia.
SEC Fines Companies Millions for Downplaying SolarWinds Breach
Four companies — Avaya, Check Point, Mimecast, and Unisys — have been charged by the SEC for misleading disclosures in the aftermath of the 2020 SolarWinds compromise.
AWS’s Predictable Bucket Names Make Accounts Easier to Crack
Amazon’s open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.
Russian Trolls Pose as Reputable Media to Sow US Election Chaos
Operation Overload pushes dressed-up Russian state propaganda with the aim of flooding the US with election disinformation.
Bumblebee Malware Is Buzzing Back to Life
Despite a law enforcement sweep last May, the sophisticated downloader malware is re-emerging.
Tricky CAPTCHA Caught Dropping Lumma Stealer Malware
The persistent infostealer’s latest campaign inserts fake CAPTCHA pages into legitimate applications, fooling users into executing the malicious payload, researchers find.
CISOs: Throwing Cash at Tools Isn’t Helping Detect Breaches
A survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.