Two apps on Google Play were infecting devices with the Anubis mobile banking trojan.
The Fallout EK has added the latest Flash vulnerability to its bad of tricks, among other tune-ups.
Threatpost editors break down the top headlines from the week ended Jan. 18.
A default configuration allows full admin access to unauthenticated attackers.
Twitter has fixed the issue, which has been ongoing since 2014.
Microsoft is offering rewards of up to $20,000 for flaws in its Azure DevOps online services and the latest release of the Azure DevOps server.
Apple CEO Tim Cook has called on the government to double down on data privacy regulation in 2019.
Thousands of individual breaches make up the database, one of the largest troves of stolen credentials ever seen.
New samples of cryptomining malware performs a never-before-seen function: uninstalling cloud security products.
Our reader poll showed overwhelming support for 2FA even in the wake of a bypass tool being released -- although lingering concerns remain.
The storage server was left open for about a week and exposed everything from sensitive FBI investigations to data related to patients with AIDS.
The two were able to hack into the SEC's computer systems due to phishing attacks that stole credentials and spread malware.
Leaky Fortnite single sign-on mechanism could have allowed hackers to access game accounts.
The threat group also has a new subsidiary, Magecart Group 12.
VOIPO acknowledged that a development server had been accidentally left publicly accessible, and took the server offline.
Multiple hardcoded passwords allow attackers to create badges to gain building entry, access video surveillance feeds, manipulate databases and more.
January is off to a running start on the data breach front, while Experian is predicting new attack frontiers ahead.
A ruling found that coercing suspects to open their phones using biometrics violates the fourth and fifth amendments.
Brand damage, loss of productivity, falling stock prices and more contribute to significant business impacts in the wake of a breach.
He said that similar flaws were also found in the Dreamhost, HostGator, OVH and iPage web hosting platforms.