Threatpost

A $5 billion class-action lawsuit filed in a California federal court alleges that Google's Chrome incognito mode collects browser data without people’s knowledge or consent.

Researchers are warning of spear-phishing emails with CV lures that spread the ZLoader malware, which steals banking credentials from victims.

The newly discovered USBCulprit malware is part of the arsenal of an APT known as Cycldek, which targets government entities.

An attack over the weekend unsuccessfully targeted 1.3 million WordPress websites, in attempts to download their configuration files and harvest database credentials.

The stealthy backdoor is delivered via mass-market phishing emails that are well-crafted to appear convincing.

Researchers warn of critical flaws in SAP's Sybase Adaptive Server Enterprise software.

Increase of 37 percent from Q4 2019 to Q1 2020 attributed to creation of remote workforce due to COVID-19 stay-at-home orders.

Full backup copies of website, including all user data, was exposed for 2,700 JRD users.

Google and Qualcomm both addressed significant vulnerabilities in their June updates.

Cisco has patched a high-severity flaw that could lead to denial-of-service attacks on its Nexus switch lineup.

At least 26 different open-source code repositories were found to be infected with an unusual attack on the open-source software supply chain.

The zero-day vulnerability tracked as CVE-2020-9859 is exploited by the "Uncover" jailbreak tool released last week.

DivvyCloud discusses the changing nature of identity access management (IAM) - and what kind of challenges and opportunities that is creating for businesses.

Apple has fixed a critical flaw in its Sign in with Apple feature, which could have been abused by attackers to takeover victims' third-party applications.

Troy Hunt said that the supposed data breach perpetrated by Anonymous is most likely a hoax.

Database of sensitive info, including emails and passwords, from owners of Daniel’s Hosting portals could be incriminating.

Ongoing spear-phishing attacks aim at stolen Windows credentials for ICS suppliers worldwide.

Attackers managed to compromise NTT Communication’s Active Directory server and a construction information management server.

The Russian spy group, a.k.a. BlackEnergy, is actively compromising Exim mail servers via a critical security vulnerability.

Google TAG report reveals that "hack for hire" firms are tapping into the coronavirus pandemic via WHO phishing lures.