A cyberespionage group of Russian origin known as Pawn Storm is infecting Linux systems with a simple but effective Trojan program that doesn't require highly privileged access.
The Pwn2Own hacking contest in March will award security researchers for exploiting Google Chrome, Microsoft Edge, Apple Safari, Flash Player and, for the first time, VMware Workstation.
Cisco Systems patched a critical vulnerability that could allow remote attackers to take over Cisco Adaptive Security Appliance (ASA) firewalls configured as virtual private network servers by simply sending malformed network packets to them.
Microsoft released its second batch of security updates for this year, addressing a total of 36 flaws in Internet Explorer, Edge, Office, Windows and .NET Framework.
The Internal Revenue Service was the target of an attack that used stolen social security numbers and other taxpayer data to obtain PINs that can be used to file tax returns electronically.
A Java-based Trojan known as Adwind and AlienSpy has been rebranded as JSocket and is being sold as a service to all types of attackers, from opportunistic cybercriminals to cyberespionage groups.
Researchers from security vendor Kaspersky Lab have identified three cybercrime groups that compromise and steal money from financial institutions using sophisticated techniques and custom malware.
Older Java installers are designed to look for and automatically load a number of specifically named DLL (Dynamic Link Library) files that might exist in the folder they were launched from.
A Google security researcher found a serious vulnerability in the Avast SafeZone browser that doesn't exist in Chromium, the open-source browser that serves as its foundation.
An unknown person -- possibly a white hat hacker -- gained access to some of the servers that cybercriminals use to distribute the Dridex online banking Trojan and replaced the malware with an installer for Avira Free Antivirus.
Serious vulnerabilities in the Netgear NMS300 ProSafe network management system, an application used to discover, monitor and configure a wide range of network devices, can allow hackers to take control of the servers it's running on.
Researchers from Rapid7 found privacy-invading vulnerabilities in the Web services used by the Smart Toy line of interactive stuffed animals and the hereO GPS watch for children.
The Socat networking service used a non-prime number for its key exchange mechanism, potentially allowing attackers to eavesdrop on encrypted connections opened with the tool.
Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same wireless network.
Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images.