DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails ...

Infosec Insiders Community Browse our curated content, contributed by the Threatpost community of industry experts, technical gurus and thought leaders.

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.

A collection of Threatpost’s top recorded cybersecurity webinars available on-demand or register for our upcoming 2021 lineup of live events.

Researchers uncovers “ultimate man-in-the-middle attack” that used an elaborate spoofing campaign to fool a Chinese VC firm and rip off an emerging business.

Most Windows versions are at risk of remote, unprivileged attackers abusing RDP from the inside to hijack smart cards and get unauthorized file system access.

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.