Threatpost

A new lawsuit alleges that Google’s G Suite for Education program covertly collects data from students, violating both COPPA and other data privacy regulations.

When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then.

From data privacy to industrial IoT cybersecurity concerns, Threatpost editors discuss the top stories they expect to see at this year's RSA Conference, which kicks off next week in San Francisco.

Scammers are posing as event organizers in a sophisticated fraud effort.

The incident cut off access to e-mail and shared IT services across customer sites of the multinational Denmark-based facility-management firm.

Eight apps - mostly camera utilities and children's games - were discovered spreading a new malware strain that steals data and signs victims up for expensive premium services.

The Google Play apps violated the tech behemoth's disruptive advertising policies.

A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it's not directly connected to the internet.

Exaggerated Lion, a newly discovered cybercrime group, uses new and unique tactics to target U.S. companies in BEC attacks.

Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder.

This week a hacking forum posted data from the breach—which included personal and contact details for celebrities, tech CEOs, government officials and employees at large tech companies.

The attack took a gas compression facility offline for two days, disrupting the supply chain.

More than 55 percent of medical imaging devices - including MRIs, XRays and ultrasound machines - are powered by outdated Windows versions, researchers warn.

A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.

The third catfish attempt in three years from the Palestinian militant group adds a few technical advances to the mix.

Cynet Free Threat Assessment spotlights critical, exposed attack surfaces and provides actionable knowledge of attacks that are currently alive and active.

Traditional e-mail based scams are also in the mix this year, one in particular that uses the legitimate app TeamViewer to take over victims’ systems.

OurMine took over the Spanish powerhouse soccer team's Twitter account.

Ring outlined new security and data privacy measures, Tuesday, following backlash of the connected doorbell in the past year.

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.