The website of toy maker Maisto was infected with malicious code that distributed CryptXXX, a new and increasingly widespread ransomware program.
Researchers from security firm PhishLabs found 11 phishing applications hosted on Google Play this year, targeting users of popular online payment services.
Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams' internal chats and other data at risk.
An Estonian man was sentenced Tuesday to 87 months in prison in the U.S. for his role in a cybercriminal operation that infected over 4 million computers with DNS hijacking malware.
A cyberespionage group active in Asia has been leveraging a Windows feature known as hotpatching in order to better hide its malware from security products.
A group of cybercriminals extorted over $100,000 from companies by threatening to launch DDoS attacks against them, without even having the capability to do so.
Attackers are using two known exploits to silently install ransomware on older Android devices when their owners browse to websites that load malicious advertisements.
The hackers who stole $81 million from Bangladesh's central bank earlier this year likely used custom malware designed to interfere with the SWIFT client software used by financial institutions.
A researcher found a PHP-based backdoor installed by hackers on one of Facebook's corporate servers.
Cisco Systems has released patches to fix serious denial-of-service flaws in its Wireless LAN Controller (WLC) software, Cisco Adaptive Security Appliance (ASA) software and the Secure Real-Time Transport Protocol (SRTP) library that's used in many products.
A security researcher has created a free security tool that can detect attempts by ransomware programs to encrypt files on users' Macs and then block them before they do a lot of damage.
A new memory scraping malware program steals payment card data from point-of-sale (PoS) terminals and sends it back to attackers using the Domain Name System (DNS).
Oracle's latest quarterly security update contains 136 fixes for flaws in a wide range of products including Oracle Database Server, E-Business Suite, Fusion Middleware, Oracle Sun Products, Java and MySQL.
The OS X command line developer tools include an old version of the Git source code management system that exposes Mac users to remote code execution attacks.
The hacker who leaked 400GB of internal files and emails from Italian surveillance software maker Hacking Team published a full account of how he infiltrated the company's network.