Radware this week revealed it added blockchain technologies to its Bot Manager platform to thwart attacks designed to evade completely automated public

Facebook is rolling out a new link schema—to fight privacy browsers and privacy plugins.

Researchers have reverse engineered NSO group’s recent zero-click iPhone exploit. And it’s a doozy.

That story about the Chinese woman accused of unauthorized entry to Trump’s Mar-a-Lago? It gained a weird new twist this week. The Feds protecting the President supposedly found a USB stick and did...

Over the past few years “security” has become a buzzword across many industries, and for good reason. With the threat of data breaches haunting industry

Kevin is Free: Hackers’ hacker dies, aged 59.

As we near the end of 2018, technology professionals and businesses alike are looking back on the last 12 months and evaluating highs and lows. For

Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches.

IRONSCALES this week made available in beta a tool that leverages OpenAI's generative pre-trained transformer (GPT) technology to make it simpler for end

IBM today added managed threat detection and response services that leverage artificial intelligence (AI) to identify and thwart cyberattacks.

Source code for the Intel Alder Lake processor EUFI BIOS has gone walkies. 4chan is said to be involved.

GoDaddy’s web hosting service breached yet again. This time, the perps were redirecting legit websites to malware.

You had one job: Once is happenstance, twice is coincidence, FIVE TIMES is sheer incompetence.

Content warning: Abuse, stalking, controlling behavior, Schadenfreude, irony, doxxing.

This story only gets worse for Facebook: Two weeks ago, I told you about how Zuckerberg’s firm was demanding some users enter their email passwords, so they can be “verified.” But now, further...

A new wiper malware is destroying data on Russian government PCs. Dubbed CryWiper, it pretends to be ransomware.

Ukraine supporters hacked Russia’s biggest ride hailing app, Yandex Taxi. They sent every available cab to a single address, all at once.

Each month in 2021, NTT Application Security has been tracking the state of application security and the threat landscape, paying particular attention to

Chainguard this week made available a memory-safe distribution of Linux, dubbed Wolfi, that promises to eliminate the root cause of the bulk of known

OWASP this month released a top ten list focused on application programming interfaces (APIs). The list summarizes the new vectors that attackers use

In April of 2013, CNN introduced the world to Shodan, a search engine for internet-connected devices, by publishing an article titled, Shodan: The

Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days.

Oh, Lord: My friends all hack Porsches—I must make amends.

Focusing on security is a social responsibility every company should take to protect its consumers and its data, for the benefit of all In his

Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction.

Here come yet more stories of Russia interfering in elections, Moscow-sponsored attempts to sow discord, and Putin-led conspiracy-theory spreading. But it has to be said: They’re suspiciously...

The C and C++ languages are unsafe. Instead, the NSA would like devs to use memory-safe languages—such as Rust.

Emergency stop button: The Python Package Index was drowning in malicious code again, so they had to shut down registration for cleanup.

Invicti has published the Spring 2022 Edition of The Invicti AppSec Indicator, a comprehensive study that ranks the most common web vulnerabilities. To

Sensitive military data found on unprotected Microsoft Azure server. Defense Department email store left insecure for at least 11 days.

R.E.S.P.E.C.T. RESTRICT: The White House and both sides of the Senate agree that TikTok needs to be stopped—or at least RESTRICT’ed. A bipartisan bill seeks to make that happen.

The U.S. Marshals Service (USMS) has been hacked (again). Scrotes stole sensitive stuff (supposedly).

And now, this: John-Oliver-pics protest won’t change Reddit policy, but will ransom demand work?

Google’s Project Zero is back, with some worrying criticisms of Apple’s software-engineering chops. The conclusions will surprise you.

After sneaking into Google and Samsung app stores, “GREF” APT targets Uyghurs and other PRC minorities.

Microsoft may have retired the Boa web server in 2005, but that hasn’t stopped widespread use—and now the company is saying a vulnerability in the

Beware Fancy Bears Bearing Gifts: Confirms DCLeaks caper was by APT28. Also that APT28 is Russian military unit.

TikTok’s ‘Invisible Body’ challenge was too great an opportunity for malware scrotes to pass up: “You too can see you favorite TikTok star naked!”

Be careful what you wish for: Biden wants new regulations for cloud providers—but we’re not sure it’ll help.

Kaspersky Lab’s endpoint security products track your web activity. And it allowed any other website to track you.

Security researchers say healthcare providers are failing to secure mind boggling amounts of highly sensitive patient medical data.

What is an API gateway? APIs are an important part of the information economy, allowing applications to communicate with each other, and sharing

Voice AI tech being misused by scammers: Scrotes fake your voice and call your grandparents. Then “you” beg them for money.

A hacker managed to compromise HackerOne, a company that itself pays white hat hackers to find security breaches for other companies. The hacker, identified only by the pseudonym haxta4ok00, figured...

GitLab today at its GitLab Commit Virtual event pledged to make securing its open source continuous integration/continuous delivery (CI/CD) platform a

On July 2019 Patch Tuesday, Microsoft released a patch for CVE-2019-1126, an important vulnerability discovered by Preempt Research Labs. The vulnerability discovered leads to security issues that...

Originated at the Massachusetts Institute of Technology in 1961, passwords have long been a central component of digital security. But in the nearly 60

When will it end? Russia takes down Kyivstar cellular system, Ukraine destroys Russian tax system.

XSS Auditors are security mechanisms in browsers that operate as a preventative layer against Reflected Cross-site Scripting attacks. Each browser has a different way of implementing XSS Auditors. In...

We often see businesses devising ingenious ways to pull ahead of competitors in the hyper-competitive online business industry. From tiny startups to

Apple releases iOS 12.4.1 emergency patch: The issue was its own fault, caused by a source-code regression.

Not nice: Hacker claimed 20 million, 23andMe said it was only 14,000—but now admits to 6.9 million.

James Zhong admitted to stealing 50,000 bitcoins from the former dark web market, Silk Road—the DoJ has the gory story

TA446’s new TTPs: “Star Blizzard” FSB team called out by Five Eyes governments (again).

Speculation swirled over why the prolific and dangerous REvil ransomware went offline – blog, payment processing, all suddenly went kaput – it’s important

Messaging apps like Discord and Telegram have become a conduit for malware, as their popularity grows among users who want to create and share programs on

There are legitimate security concerns about the use of low-code platforms, especially at scale. Here's how to address them.

As APIs are increasingly used in app development, it should come as no surprise that threat actors have turned them into attack vectors. In fact, Gartner

Twitter has nuked a key privacy setting. You used to be able to opt out of sharing your private information with advertisers—but not any more.

U.S. GDPR ASAP: Data brokers are selling PII about mental health conditions—depression, anxiety, bipolar disorder, PTSD, OCD, etc.

Worried Xiaomi Mijia IP camera users are finding other people’s images displayed on their Google Home Hubs. The problem seems to linked to a botched software update.

The Ukrainian government has warned that Russia is planning a massive attack against the critical infrastructure of Ukraine and of its allies.