Threatpost

The information exposed in a public cloud bucket included PII, church-donation information, photos and users' contact lists.

Domains related to the new variant of the Grelos web skimmer have compromised dozens of websites so far.

The company patched a vulnerability that could connected video and audio calls without the knowledge of the person receiving them.

Researchers have unveiled an attack that allows attackers to eavesdrop on homeowners inside their homes, through the LiDAR sensors on their robot vacuums.

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration.

The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content.

Watch out for these top phishing approaches this holiday season.

The Code42 Incydr data risk detection and response solution focuses on giving security teams simplicity, signal and speed.

A reported ransomware attack took down operations at the company, which in talks for COVID-19 vaccine-distribution contracts.

Security experts praised the newly approved IoT law as a step in the right direction for insecure connected federal devices.

Threat actors mount year-long campaign of espionage, exfiltrating data, stealing credentials and installing backdoors on victims’ networks.

While the industry focus is on vehicle hacking, when it comes to the automotive industry cybercriminals are opting for less complex and sophisticated attacks - from phishing to ransomware.

WordPress websites using buggy Epsilon Framework themes are being hunted by hackers.

The department has said no thanks to the Clearview AI platform, after an expose showing that officers had used it 475 times during a trial period alone.

Cisco patched the Webex flaw, as well as three critical-severity vulnerabilities, in a slew of security updates on Wednesday.

Overall Google's Chrome 87 release fixed 33 security vulnerabilities.

President Trump fired US cybersecurity chief over Twitter Tuesday, an act widely condemned within the cybersecurity community.

Four industrial control system vendors each announced vulnerabilities that ranged from critical to high-severity.

This is the time to define the new normal; having well-defined policies in place will help businesses maintain its security posture while bolstering the security of the ever-increasing work-from-home population.

After the breakout of the COVID-19 pandemic, mobile phishing attacks targeting pharmaceutical companies have shifted their focus from credential theft to malware delivery.