A cyber analytics firm has discovered several instances of enterprise software that collected and sent information home, a behavior which could [...]

Security researchers have released details about two vulnerabilities in the Western Digital and SanDisk SSD Dashboard application that could be [...]

After falling for a BEC scam, Cabarrus County in North Carolina lost $1,728,082.60 after sending $2.5 million to scammers pretending to be contractors [...]

With the release of the Windows 10 Insider build 18945, the Windows Subsystem for Linux version 2 now supports the ability for Windows 10 applications to [...]

A joint statement published by the Cybersecurity and Infrastructure Security Agency (CISA), the Multi-State Information Sharing and Analysis Center [...]

OXID e-commerce platform today released an update for its software fixing a remote takeover vulnerability that can be exploited without authentication.

Cybercriminals are now using a combolists-as-a-service model to sell credential collections to other crooks, which will later use them as part of large [...]

A new ransomware family targeting Android devices spreads to other victims by sending text messages containing malicious links to the entire contact [...]

Security researchers analyzing the security flaws present in IoT devices used in smart buildings were able to replace the real video feeds with arbitrary [...]

Attackers are deleting files on publicly accessible Lenovo Iomega NAS devices and leaving ransom notes behind. These ransom notes state that the attackers [...]

Capital One has announced a data breach that has exposed the personal information of 106 million people that includes transaction data, credit scores, [...]

An iMessage vulnerability patched by Apple as part of the 12.4 iOS update allows potential attackers to read contents of files stored on iOS devices [...]

Almost a dozen serious vulnerabilities have been sitting for the past 13 years in the VxWorks real-time operating system (RTOS) used to power [...]

New York Governor Andrew M. Cuomo signed the Stop Hacks and Improve Electronic Data Security (SHIELD) Act into law, with the new consumer privacy [...]

Now that ransomware developers know that they can earn monstrous payouts from local cities and insurance policies, we see a new government agency, [...]

Attackers are using fake Google domains spoofed with the help of internationalized domain names (IDNs) to host and load a Magecart credit card [...]

Today marks the third anniversary of No More Ransom and through its partners from the public and private sectors, law enforcement, academia, and [...]

Security outfit Immunity has included a fully working BlueKeep exploit in their CANVAS automated pentesting utility with the release of version [...]

Louisiana Governor John Edwards has declared a state of emergency after a wave of ransomware attacks targeted school districts this month. This [...]

A phishing campaign using WeTransfer notifications as surrogates for the run-of-the-mill malicious URLs usually employed in these type of [...]

A botnet of over 400,000 IoT devices held a 13-day distributed denial-of-service (DDoS) siege against the streaming app of a company in the entertainment [...]

A new Watchbog malware variant can scan for Windows computers vulnerable to BlueKeep exploits, with previous variants only being [...]

Through the analysis of over 3.9 million posts on underground hacker and malware forums, a new report illustrates the most common malware and threats being [...]

The Internal Revenue Service (IRS) issued a joint news release with the US tax industry and state tax agencies to remind professional tax preparers [...]

Under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks after successful exploitation of [...]

Business email compromise (BEC) scammers are now targeting a company's customers using a new indirect attack method designed to collect information on [...]

Microsoft is currently in the process of developing significantly better manual threat hunting features for the Office 365 Threat Explorer, to be rolled [...]

An ongoing malvertising campaign is targeting an unauthenticated stored cross-site scripting (XSS) vulnerability in the Coming Soon Page & [...]

A decryptor for the LooCipher Ransomware has been released by Emsisoft that allows victims to decrypt their files for free. If you were infected with [...]

More than one million ProFTPD servers are vulnerable to remote code execution and information disclosure attacks that could be triggered after [...]

Hackers are exploiting vulnerable Jira and Exim servers with the end goal of infecting them with a new Watchbog Linux Trojan variant and using the [...]

What a week. Every day we see a new city, police station, college, government agency, or company being affected by a ransomware attack. To make matters [...]

Compromising an employee's email account can be profitable for BEC scammers and for distributing malware, but being able to gain access to an email [...]

The U.S. Internal Revenue Service (IRS) failed to implement a good deal of security controls recommended over the years, leaving financial reporting and [...]

Microsoft says that it notified roughly 10,000 of its customers in the past year of being either targeted or compromised by nation-state sponsored threat groups.

A new extortion scam is underway that pretends to be from a US State Police detective who is willing to delete child porn evidence if you send them $2,000 [...]

Mozilla and the Tor Project are in the early stages of exploring the inclusion of Tor's private browsing features within the Firefox web browser in the [...]

WizzAir today announced its customers that their account password has been automatically reset due to a technical issue in the system.

A flurry of ransomware attacks has been reported this week affecting entities in US states of Georgia, New York, Tennessee, and Florida.

A sample of the ransomware called MegaCortex that is known to target the enterprise in targeted attacks has been found and analyzed. In this article, we [...]

Nine years and more than 8,500 security bug reports later, Google decided to increase the value of the rewards for security vulnerabilities submitted [...]

Researchers unearthed a new and highly prolific malware framework used by its creators to generate over one billion fraudulent ad impressions over a [...]

The frequency of business email compromise (BEC) scams has increased year over year and so did the value of attempted thefts, reaching a monthly average of [...]

A long standing Twitter issue allows bad actors to manipulate tweets so that they appear to contain content from one site, but actually link to a [...]

The Drupal CMS team has released a security update to address a critical severity access bypass vulnerability in the CMS' core component that could allow [...]

Image: Daan Mooij Financial data, personally identifiable information (PII), and real-time location of millions of Chinese users was leaked by an open [...]

A new Linux malware masquerading as a Gnome shell extension and designed to spy on unsuspecting Linux desktop users was discovered by Intezer Labs' [...]

A group behind the recent outbreaks of malicious advertisements being displayed through Windows 10 apps and Microsoft games has been identified as being [...]

Some versions of WinRAR file compression tool and Winbox software for managing MikroTik users have been tampered with to install malware serving an [...]

A newly discovered DNS-changer Trojan dubbed Extenbro has been observed while blocking access to websites of security software vendors to prevent its [...]