Security and identity

Alert fatigue is a state of mental and operational exhaustion caused by an overwhelming number of alerts—many of which are low-priority, false positives or otherwise non-actionable.

Mispadu, or Ursa, is back. Learn more about the overlay financial malware, what the attacks look like and how to protect yourself and your assets from it.

Since late March 2025, IBM Security has been closely monitoring a sophisticated spear phishing campaign designed to steal Amazon and Amazon Prime credentials and primarily targeting residents of France. Learn more.

In the age of generative AI, many traditionally reliable defenses against social engineering attacks no longer work.

AI security uses artificial intelligence (AI) to enhance an organization's security posture.

API security is a set of practices and procedures that protect application programming interfaces (APIs) and the data they transmit from misuse, malicious bot attacks and other cybersecurity threats.

Previously discovering a method for bypassing even the strictest WDAC policies by backdooring trusted Electron applications, the IBM X-Force Red team continued their research and can now bypass the restriction of executing JavaScript code only.

Discovered in 2023, Rilide is a sophisticated piece of malware that targets Chromium-based browsers to hijack user activity and steal sensitive data. Learn more about the malware and how it operates.

Distributed denial-of-service (DDoS) attacks flood websites and other network resources with malicious traffic, making apps and services unavailable to users.

Identity security is a cybersecurity discipline focused on protecting digital identities and the systems that manage them.

Identity threat detection and response (ITDR) systems are proactive cybersecurity tools that monitor systems and apps to find and fix identity-based threats.

FIDO (Fast Identity Online) authentication is a set of open standards for passwordless authentication for websites, applications and online services.

AI for fraud detection refers to implementing machine learning (ML) algorithms to mitigate fraudulent activities.

As cybersecurity teams thwart more direct hacks, attackers are turning to a quainter style of scam, with some new twists.

A vulnerability assessment is a systematic process used to identify, evaluate and report on security weaknesses across an organization’s digital environment.

An open letter from JP Morgan's Chief Information Security Officer shines a light on the urgent need for organizations to build security into their tools, technologies and process by default.

Kyri Lea and Elizabeth Christensen have developed m-Ray, an automated vulnerability scanner for IBM mainframes running the z/OS operating system.

Two-factor authentication (2FA) verifies a user’s identity by asking for two pieces of proof, such as an online account password and a one-time passcode.

Multifactor authentication (MFA) verifies a user’s identity by requiring at least two forms of proof, such as a password, fingerprint or other biometric data.

Explore how agentic AI introduces new security concerns in this conversation between world-renowned cybersecurity leader Wendi Whitmore and David Levy

The X-Force Red team was able to breach a hardened external perimeter and gain code execution to an on-premises SQL server, resulting in full Active Directory compromise. Learn how they did it, and how to prevent it from happening to you.

IBM X-Force observed Hive0148 spreading the Grandoreiro banking trojan to users in Mexico and Costa Rica. Learn more about this phishing and Malware-as-a-Service campaign.

Enterprise mobility management (EMM) tools and services help organizations secure and manage mobile devices, apps and data.

A brute force attack uses trial-and-error to crack passwords or encryption keys and gain unauthorized access.

The IBM X-Force Red team covers the fundamentals of COM and DCOM, dives into the RunAs setting and why authentication coercions are impactful and introduces a new credential harvesting tool - RemoteMonologue.

Most of us think of cybersecurity as a purely digital affair, but cyberattacks can actually begin right here in the physical world.

Digital credentials are a secure way to verify an identity without paper credentials. Examples include digital badges and digital certificates.

Social engineering will always be a problem, but we can all do our part to make scammers' jobs harder.

Microsoft offers a bug bounty for qualifying bypasses into Windows Defender Application Control. Learn how IBM's X-Force team found a bypass using Loki C2.

Privilege escalation is a cyberattack technique in which a threat actor alters or elevates their permissions in a target system.