VirusList.com

A sophisticated and growing malvertising attacker is partnering with legitimate ad tech platforms to drop malware at scale.

The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.

Lenovo patches enterprise and SMB network attached storage devices for a vulnerability that leaked data to the public internet.

With cybersecurity worldwide facing a major applicant shortage, businesses should be courting women and supporting girls.

The issue, present on Android versions, is similar to the known man-in-the-disk attack vector.

Someone AirDropped a picture of a suicide vest to multiple people on a JetBlue flight, prompting an evacuation.

The FTC has levied its biggest fine ever against the social network, but it's unlikely to have much effect.

A dropper called “Topinambour" is the first-stage implant, which in turn fetches a spy trojan built in several coding languages.

An independent researcher earned a $30,000 bug bounty after discovering a weakness in the mobile recovery process.

In this first part of a two part series, Shawn Taylor with Forescout talks to Threatpost about lessons learned from helping Atlanta remediate and recover from its massive ransomware attack.

Most respondents in a recent survey say they're losing the battle despite having up-to-date protections in place.

Vulnerability experts Michiel Prins and Greg Ose discuss the 15 most common vulnerability types.

Rupert Murdoch's News Group has agreed to pay damages to Paul McCartney's ex as part of the massive phone-hacking scandal by UK tabloids.

QNAPCrypt continues to spread via brute-force attacks.

A lack of a Bluetooth Low Energy (BLE) pairing mechanism leaves the smart IoT devices open to malicious manipulation.

Google is under fire after a report found that Google Home and Google Assistant records user audio, even when no wake-up word is used.

The tech giant addressed a widely publicized Zoom bug with an automatic update mechanism usually reserved for removing malware.

Apple has disabled the Walkie Talkie app from its Apple Watch products after a vulnerability was discovered enabling bad actors to eavesdrop on iPhone conversations.

Threatpost catches up with David Baker, the chief security officer at Bugcrowd, about the future of bug bounty programs.

GE Healthcare said an attacker could modify gas composition parameters within the devices' respirator function.