A study from IBM shows the controversial shift to platformization can pay off for enterprises. 

Vulnerabilities in certain Contec and Epsimed patient monitors can allow people to gain access and potentially manipulate the devices, the FDA warned.

Burnout seems certain as CISOs confront budget constraints, a heavy workload and job dissatisfaction.

Security leaders are making inroads with corporate boards and now have a seat at the table with CEOs, a Splunk report shows.

Researchers say the manufacturer has yet to publicly disclose or patch the flaw.

Unpredictable cloud bills, outdated software licenses and shadow IT frustrate FinOps efforts, according to Apptio.

When malicious hackers exploit vulnerabilities in firewalls, VPNs and routers, it’s not the vendors that get hit — it’s their customers.

The new estimate nearly doubles the company’s previous report of 100 million affected individuals, already the largest healthcare data breach ever reported to federal regulators.

Researchers from Microsoft Threat Intelligence alerted the company to suspected threat activity.

State-linked hackers were linked to a series of attacks that led to the theft of unclassified data from the Treasury Department.

Shadowserver scans found 379 compromised Ivanti Connect Secure devices. Researchers said the situation is serious and likely impacts more organizations.

The vendor’s customers have confronted multiple attack sprees targeting zero-days spanning a variety of products.

The incident led to delays in processing child support payments in Wisconsin.

The directive, issued in October 2023, added guardrails for AI developers and bolstered guidance for businesses looking to adopt the technology. 

The Cyber Safety Review Board was investigating the hacks of U.S. telecom firms attributed to the Salt Typhoon threat group.

The K-12 software company is facing legal pushback and criticism following a cyberattack that impacted a still unknown number of districts.

The Office of Foreign Assets Control took measures against a state-linked hacker and a Shanghai-based cybersecurity firm in response to the recent attacks against critical infrastructure in the U.S.

The financially-motivated hacker was previously linked to the mass exploitation of critical vulnerabilities in MOVEit file-transfer software.

The agency’s declaratory ruling took effect Thursday, but the future outlook of that effort and a separate proposed rule remain uncertain under the incoming administration.