A bug affecting the permissions dialog when authorizing certain apps to Twitter leaves direct messages exposed to the third party without the user ever knowing about it.
Facebook just announced that a bug in its application programming interface for photos may have allowed unauthorized third-party access to images on 6.8 million accounts.
If certain crooks have some sort of moral compass that keeps them away from certain victims, others ditch such boundaries for the right amount of money. A perpetrator from the latter category was able to fool the charitable organization Save the Children into misdirecting close to $1 million.
WordPress released a security patch for its software, fixing seven vulnerabilities in version 5.0.1. One of them stands out as it allows search engines to index email addresses and even passwords.
Two new samples of the Shamoon data have been discovered in the wild, after a period of silence that lasted for about two years.
The world of macOS malware has a new member that makes no effort to keep appearances and looks rather like a bare-bones version that is still under development.
A new advanced threat actor has emerged on the radar, targeting organizations in the defense and the critical infrastructure sectors with fileless malware and an exploitation tool that borrows code from a trojan associated with the Lazarus group.
An Android malware posing as a battery optimization app social engineers its way into stealing funds from PayPal users, despite two-factor authentication protection, by simply prompting them to log into the app.
The Cobalt hacking group, which specializes in breaching the networks of financial institutions and banks, is now using a new variant of the ThreadKit exploit builder kit for Microsoft Office documents.
More than 40,000 users who fell victim to phishing attacks had their credentials for unlocking online accounts for government services stolen. The information might have already been sold on underground hacker forums.
The relatively new espionage group Speedworm proves to be highly adaptive by using GitHub to keep their malware and by carefully observing the developments on the infosec scene via social networking services.
Non-public details on about 52.5 million Google+ profiles were accessible to developers of apps requesting permission to view data the user had configured to remain private.
A mobile clickfraud campaign used 22 Android apps to trick online advertisers into paying the higher price for advertising on iPhone 5 to 8 Plus devices.
The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security world of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations.
A researcher published exploit code for a vulnerability in WebKit, the web browser engine that powers Apple's Safari, along with other apps on macOS, iOS, and Linux.