The June campaign was targeted and aimed at stealing online banking credentials. | Continue reading
A recent malware campaign targeted victims at European and Middle East aerospace and military companies – via LinkedIn spear-phishing messages. | Continue reading
A researcher found that phone numbers tied to WhatsApp accounts are indexed publicly on Google Search creating what he claims is a “privacy issue” for users. | Continue reading
Google and Qualcomm both addressed significant vulnerabilities in their June updates. | Continue reading
Latest version of UnC0ver uses unpatched zero-day exploit to take complete control of devices, even those running iOS 13.5. | Continue reading
The domain registrar giant said that the breach started in October 2019. | Continue reading
The team behind the ransomware, first spotted in late 2014 and typically targeting Russian victims, apologized to victims in a post on GitHub. | Continue reading
Researchers say the bugs are easy to exploit and will likely be weaponized within a day. | Continue reading
After gamers reported unauthorized logins and purchases, Nintendo confirmed that over 160,000 accounts had been hacked. | Continue reading
Cybercriminals uploaded typosquatted malicious libraries to RubyGems, which contains open-source components that are used as basic application building blocks by software developers. | Continue reading
Thousands of compromised Zoom credentials were discovered in underground forums as cybercriminals look to tap into the burgeoning remote workforce. | Continue reading
Google is rolling out the newest Chrome browser version, 80.0.3987.162, in the coming days. | Continue reading
The botnet exploits a vulnerability discovered last month that can allow threat actors to remotely compromise and control devices. | Continue reading
An academic study found Microsoft's Edge browser to be the least private, due to it sending device identifiers and web browsing pages to back-end servers. | Continue reading
Around 600,000 of the supermarket's 12 million loyalty program members have been warned about a cyberattack. | Continue reading
Cyber attack at Visser Precision, which builds custom parts for the aerospace and automotive industries, reveals sensitive company data. | Continue reading
A leak at the Defense Information Systems Agency exposed personal information of government employees, including social security numbers. | Continue reading
Misconfigured Docker registries could leak confidential data, lead to a full-scale compromise and interrupt the business operations.” | Continue reading
The malicious Chrome extensions were secretly collecting users' browser data and redirecting them to malware-laced websites. | Continue reading
A lack of proper code-signing verification and authentication for firmware updates opens the door to information disclosure, remote code execution, denial of service and more. | Continue reading
The release of Firefox 73 fixed high-severity memory safety bugs that could cause arbitrary code execution and missing bounds check that could enable memory corruption. | Continue reading
Downloads of files like images may be banned if they use HTTP connections – even if they are available from an HTTPS website. | Continue reading
The researcher behind the five critical Cisco flaws, collectively called CDPwn, talks about why Layer 2 protocols are under-researched when it comes to security vulnerabilities. | Continue reading
The tricky trojan evolves yet again, remaining one of the most advanced vehicles for delivering malware. | Continue reading
The newly-introduced bill targets the Patriot Act's Section 215, previously used by the U.S. government to collect telephone data from millions of Americans. | Continue reading
The new U.K. law mandates that manufacturers apply several security controls to their connected devices. | Continue reading
New research outlines vulnerabilities in Safari’s Intelligent Tracking Protection that can reveal user browsing behavior to third parties. | Continue reading
CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover. | Continue reading
Users of GnuPG, OpenSSL and Git could be in danger from an attack that's practical for ordinary attackers to carry out. | Continue reading
The Federal Depository Library Program (FDLP) website was defaced over the weekend to show a picture of a bloodied President Donald Trump. | Continue reading
On Wednesday California signed into law the strictest privacy law in the United States. | Continue reading
2019 was a banner year for data exposures, with billions of people affected. | Continue reading
From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children's connected toys, here are the top IoT disasters in 2019. | Continue reading
Wawa said that payment-processing system malware had potentially affected all 850 of its locations. | Continue reading
The tech giant is looking for full working exploits with any vulnerability submission. | Continue reading
Researchers say that Amazon and Google need to focus on weeding out malicious skills from the getgo, rather than after they are already live. | Continue reading
The Epilepsy Foundation has filed a criminal complaint against undisclosed Twitter users who users its Twitter feed to post seizure-inducing content. | Continue reading
The ransomware attack earlier this month led the hospital system to reschedule surgeries and appointments. | Continue reading
Names, addresses, phone numbers, call and text message records and account PINs were all caught up in a cloud misconfiguration. | Continue reading
Now all travelers to and from the U.S. – even if they are U.S. citizens – will be subject to facial recognition-based checks, a new filing revealed. | Continue reading
Prosecution asks for imprisonment of the hacker who stole nude photos and other personal data from women’s iCloud accounts and then distributed some of the material online. | Continue reading
Researchers uncovers “ultimate man-in-the-middle attack” that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business. | Continue reading
Likely the work of APT34, ZeroCleare is bent on destruction and disruption, rather than information-stealing. | Continue reading
The Microsoft applications are vulnerable to an OAuth authentication flaw that could enable Azure account takeover. | Continue reading
The COPRA legislation would provide GDPR-like data protections, and create a new FTC enforcement bureau. | Continue reading
The company expanded its Android bug bounty program as one of several recent moves to ramp up mobile security. | Continue reading
Some of the bugs allow remote code-execution. | Continue reading