The First Stop For Security News
Updated: 6 min 38 sec ago
The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more.
The malicious email campaign included a never-before-seen malware downloader called Carrotball, and may be linked to the Konni Group APT.
The malware uses thousands of partner websites to spread malvertising code.
The critical flaw exists in Cisco's administrative management tool, used with network security solutions like firewalls.
New research outlines vulnerabilities in Safari’s Intelligent Tracking Protection that can reveal user browsing behavior to third parties.
The competition targets the systems that run critical infrastructure and more.
A newly discovered threat actor named Vivin is raking in Monero from cryptomining malware, showing that this type of attack isn't going away anytime soon.
The newest version of the sLoad malware dropper comes equipped with infection tracking capabilities and an anti-analysis trick.
The trove of information is potentially a scammer's bonanza.
Palo Alto Networks’ Unit 42 researchers observed a variant of the wormlike botnet that adds scanner technology to brute-force Web authentication.
More than half of security experts think that the good outweighs the bad when it comes to proof-of-concept exploits, according to a recent Threatpost poll.
A sophisticated malware-as-a-service phishing kit includes full customer service and anti-detection technologies.
Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.
New versions of the ransomware now sniff out saved credentials for Internet Explorer, Mozilla Firefox, Mozilla Thunderbird, Google Chrome and Microsoft Outlook.
CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.
Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.
Researchers say that JhoneRAT has various anti-detection techniques - including making use of Google Drive, Google Forms and Twitter.
The WeLeakInfo "data breach notification" domain is no more.
Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.
Are publicly released proof-of-concept exploits more helpful for system defenders -- or bad actors?