The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

Researchers uncovers “ultimate man-in-the-middle attack” that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business.

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.

After a recent dip, ransomware attacks are back on the rise. According to data released by NCC Group, the resurgence is being led by old ransomware-as-a-service (RaaS) groups.

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Phishing emails target a bank's users with malware - and make their landing page look more legitimate with fake Google reCAPTCHAs.

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

There are five different pillars to implement when moving to a modern, zero-trust security model. Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A ...