Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Campaign exploits misconfigured Docker APIs to gain network entry and ultimately sets up a backdoor on compromised hosts to mine cryptocurrency.

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates ...

Bad actor obtained passwords for servers, home routers, and smart devices by scanning internet for devices open to the Telnet port.

Here’s what cybersecurity watchers want infosec pros to know heading into 2022. No one could have predicted the sheer chaos the cybersecurity industry would experience over the course of 2021 ...

A cloud misconfig by SocialArks exposed 318 million records gleaned from Facebook, Instagram and LinkedIn. More than 400GB of public and private profile data for 214 million social-media users ...

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit ...

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children's connected toys, here are the top IoT disasters in 2019.

Nearly a quarter of endpoints still run Windows 7, even though support and security patches have ended.

Microsoft warns that cybercriminals are using Cobalt Strike to infect entire networks beyond the infection point, according to a report.