Security researchers have discovered that tens of developers have left API credentials in hundreds of applications built around the Twilio service.
When you think you've seen it all, malware authors always find a way to impress you. Today's "that's clever!" moment comes courtesy of a criminal group that's been spreading a new version of the Zeus Panda banking trojan since June, this year.
Russian cyberspies have developed a new breed of backdoor trojan that features several novel techniques, including an API that allows attackers to reverse the C&C communications flow when needed.
WordPress sites that haven't been updated to the most recent version, v4.7.2, released last week, are under attack as four hacking groups are conducting mass defacement campaigns.
The WordPress security team revealed yesterday they've secretly fixed a zero-day vulnerability in the WordPress CMS, which wasn't initially included in the official announcement.
The WordPress team has addressed a security flaw in the API servers responsible for the CMS' update mechanism, which if exploited, would have allowed an attacker to deploy backdoors and malware to 27% of all websites on the Internet.