Threatpost

The groups, all tied to the Winnti supply-chain specialist gang, were seen using the same Linux rootkit and backdoor combo.

Voting machine technology seller Election Systems & Software (ES&S) offered an olive branch to security researchers with new safe harbor terms and vulnerability disclosure policies at Black Hat USA 2020.

A vulnerability in Twitter for Android could have allowed attackers to access private direct messages (DMs) and other data.

Voting Village security celeb Matt Blaze delves into the logistics of scaling up mail-in voting ahead of November's election.

The explosion of open-source AI models are lowering the barrier of entry for bad actors to create fake video, audio and images - and Facebook, Twitter and other platforms aren't ready.

Google addressed high-severity and critical flaws tied to 54 CVEs in this month's Android security bulletin.

An attacker can hide amidst legitimate traffic in the application's update function.

The agency known for its own questionable surveillance activity advised how mobile users can limit others’ ability to track where they are.

During Black Hat USA 2020, Threatpost talks to Sherrod DeGrippo, with Proofpoint, about Emotet's recent return -and how a cyber vigilante is attempting to thwart the malware's comeback.

The ransomware has surged since moving to a RaaS model.

An XSS bug and a PHP object-injection vulnerability are present in a plugin used by hundreds of thousands of websites.

The potential FTC fine comes after Twitter last year acknowledged that user emails and phone numbers were being used for targeted advertising.

COVID-19 pandemic spurs spoofing preference changes, plus a surge in email-based attacks.

Andrew Ginter, VP Industrial Security at Waterfall Security Solutions, talks about the differing priorities between IT and OT security teams as industrial control systems become connected.

Starting Sept. 1, Google will crack down on misinformation, a lack of transparency and the ability to amplify or circulate politically influential content.

Almost two months after a high-severity flaw was disclosed - and seven months after it was first reported - Netgear has yet to issue fixes for 45 of its router models.

The ransom for the decryptor key in the WastedLocker attack could have topped $10 million, sources said.

With Black Hat USA 2020 kicking off this week, Erez Yalon with Checkmarx talks about newly disclosed, critical vulnerabilities in Meetup.com - and why they are the "holy grail" for attackers.

Researchers disclosed critical flaws in the popular Meetup service at Black Hat USA 2020 this week, which could allow takeover of Meetup "Groups."

The flaws have been confirmed by Grandstream, but no firmware update has yet been issued.