Security and identity

Threat detection and response (TDR) refers to the tools and processes organizations use to detect, investigate and mitigate cybersecurity threats.

Skip the nose clip and head straight for the diving bell in this descent into the murky depths of the Resource Prefetch Predictor web artifacts found within Chromium-based web browsers, in use on both computers and mobiles today.

Web security encompasses a range of solutions and security policies that organizations rely on to protect their networks, users, and assets from various security risks.

Hive0145, the threat actor known for delivering Strela Stealer to exfiltrate email credentials, is back to no good and now targeting Germany using malicious SVG files to download a simple reverse shell X-Force named StarFish.

Explore how Azure Arc can be identified in environments, misconfigurations in deployment can allow for privilege escalation, an overprovisioned Service Principal can be used for code execution and how Arc can be used as an out-of-band persistence mechanism.

Dive into research on a double-free vulnerability, CVE-2019-11932, in an image processing library used by WhatsApp and a GIF-processing vulnerability affecting Android mobile phones.

As the industry gets closer to achieving a cryptographically relevant quantum computer, the security of data—operational, personal and financial—will be more critical than ever. Protecting that data from this newest risk vector will become a top priority for many enterprises.

Access management is the cybersecurity discipline that controls user access rights to digital resources.

An identity fabric is a framework for integrating and orchestrating multiple identity and access management (IAM) systems to act as a single unified system.

A compliance audit is an impartial assessment of an organization’s activities and records to determine whether it is meeting internal and external standards.

China-aligned threat actor Hive0154 has spread numerous phishing lures in targeted campaigns throughout 2025 to deploy the Pubload backdoor. As of May 2025, X-Force noticed these attacks targeting the Tibetan community. Learn more.

Public key encryption is a type of cryptographic system that uses a mathematically linked pair of keys—one public, one private—to encrypt and decrypt data.

Learn more about machine learning training environments and infrastructure, as well as different attack scenarios against critical components, including cloud compute, model artifact storage and model registries.

IBM's definition of cybersecurity. Learn how modern threats evolve with technology, stay ahead with trends and access the latest security reports.

Behavioral biometrics is a form of authentication that analyzes unique patterns in a user’s activity—such as mouse or touchscreen usage—to verify identity.

FIDO2 (Fast Identity Online 2) is an open standard for passwordless authentication that was developed by the FIDO Alliance in partnership with the World Wide Web Consortium.

Identity governance and administration (IGA) manages regulatory compliance for digital identities and user access rights in a computer system.

Threat actors have been heavily targeting the industrial sector in recent years. Learn more about why this industry is being targeted and what organizations can do to protect against these cyberattacks.

Identity and access management (IAM) tools help ensure that the right people can access the right resources for the right reasons at the right time.

IBM X-Force has been monitoring phishing email campaigns from Hive0131 pretending to be The Judiciary of Colombia and using fake notifications to Colombians of criminal proceedings to deliver malware. Learn more about this threat.

Since the start of 2025, IBM X-Force has been tracking a phishing campaign targeting financial institutions worldwide, using weaponized Scalable Vector Graphics (SVG) files to initiate multi-stage malware infections. Learn more.

Distributed denial-of-service (DDoS) protection and mitigation is the use of cybersecurity tools and services to prevent or quickly resolve DDoS attacks.

Cryptojacking is a type of cyberattack in which cybercriminals hijack the computing resources of victims’ devices to mine cryptocurrency without permission.

Alert fatigue is a state of mental and operational exhaustion caused by an overwhelming number of alerts—many of which are low-priority, false positives or otherwise non-actionable.

Mispadu, or Ursa, is back. Learn more about the overlay financial malware, what the attacks look like and how to protect yourself and your assets from it.

Since late March 2025, IBM Security has been closely monitoring a sophisticated spear phishing campaign designed to steal Amazon and Amazon Prime credentials and primarily targeting residents of France. Learn more.

In the age of generative AI, many traditionally reliable defenses against social engineering attacks no longer work.

API security is a set of practices and procedures that protect application programming interfaces (APIs) and the data they transmit from misuse, malicious bot attacks and other cybersecurity threats.

AI security uses artificial intelligence (AI) to enhance an organization's security posture.

Previously discovering a method for bypassing even the strictest WDAC policies by backdooring trusted Electron applications, the IBM X-Force Red team continued their research and can now bypass the restriction of executing JavaScript code only.