Threatpost

Some 50,000 targeted victims have been identified so far in a massive, global scam enterprise that involves 26 different malwares.

Attackers are targeting the critical remote code-execution flaw to compromise systems in the healthcare, local government, logistics and legal sectors, among others.

Reducing the risks of remote work starts with updating the access policies of yesterday.

The team that hacked Amazon Echo and other smart speakers using a laser pointer continue to investigate why MEMS microphones respond to sound.

Events application Peatix this week disclosed a data breach, after user account information reportedly began circulating on Instagram and Telegram.

Fake Minecraft Modpacks on Google Play deliver millions of abusive ads and make normal phone use impossible.

Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay.

Cyberattackers could use the information to track users across devices, disable phone service, or intercept messages and phone calls.

Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.

Belgian researchers demonstrate third attack on the car manufacturer’s keyless entry system, this time to break into a Model X within minutes.

VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One.

‘Vishing’ attack on GoDaddy employees gave fraudsters access to cryptocurrency service domains NiceHash, Liquid.

The TA416 APT has returned in spear phishing attacks against a range of victims - from the Vatican to diplomats in Africa - with a new Golang version of its PlugX malware loader.

Users of the music streaming service were targeted by attackers using credential-stuffing approaches.

The popular U.K. soccer club confirmed an attack but said personal fan data remains secure.

A Turkish hacktivist defaced a subdomain of the president-elect's campaign website.

Attackers exploiting an array of Google Services, including Forms, Firebase, Docs and more to boost phishing and BEC campaigns.

The critical and important-severity flaws were found by a team at the China-based Tiunfu Cup hacking challenge.

The information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists.

Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.