Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

The first half of 2021 saw 1.5 billion attacks on smart devices, with attackers looking to steal data, mine cryptocurrency or build botnets.

The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

Instances of phishing attacks leveraging the Microsoft brand increased 266 percent in Q1 compared to the year prior.

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Chris Hallenbeck, CISO for the Americas at Tanium, discusses the impact of geopolitical conflict on the cybersecurity insurance market.

A series of cyberattacks on a telecom company in the Middle East has signaled the return of the OilRig APT. The attacks also revealed a revised backdoor tool in the group’s arsenal, called RDAT.