A security researcher developed a tool that can automatically detect sensitive access keys that were hard-coded inside software projects.
Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them.
A malicious program called KillDisk that has been used in the past to wipe data from computers during cyberespionage attacks is now encrypting files and asking for an unusually large ransom.
The security team behind the Plone content management system has dismissed claims that hackers have access to information about an unpatched critical vulnerability.
Security vendor Kaspersky Lab updated its antivirus products to fix an issue that could have exposed users to traffic interception attacks.
Over the Christmas holiday, a user reported the first in-the-wild case of a ransomware attack that infected an Android-based smart TV.
Insecure default configurations are prevalent in the IoT world, but many of them could be easily avoided if device manufacturers included LAN-based attacks in their threat modelling.
The travel booking systems used by millions of people every day lack modern authentication methods and allow attackers to easily modify other people’s reservations.
A critical remote code execution vulnerability in PHPMailer, one of the most widely used PHP email sending libraries, could put millions of websites at risk of hacking.
Apple has backtracked on a plan to force iOS developers to encrypt their app communications by the end of the year.
The cyberespionage group blamed for hacking into the U.S. Democratic National Committee (DNC) has also infiltrated the Ukrainian military through a trojanized Android application used by artillery units.
Developers of the popular Signal secure messaging app have started to use Google's domain as a front to hide traffic to their service and to sidestep blocking attempts.
VMware released a hotfix for vSphere Data Protection (VDP) to change a hard-coded SSH key that could allow remote attackers to gain root access to the virtual appliance.
Security experts from Google have developed a test suite that allows developers to find weaknesses in their cryptographic libraries and implementations.
Ransomware creators are increasingly targeting companies and other organizations, sometimes using techniques borrowed from cyberespionage attacks, because these victims are likely to pay more money for their data.