Threatpost

CVE-2019-11043 is trivial to exploit -- and a proof of concept is available.

A Magecart skimmer, discovered on the site of First Aid Beauty, was only just removed after being in place for five months.

Attacks are targeting international companies in the financial sector, demanding that victims pay ransom in Bitcoin.

Senators penned a letter to the FTC urging it to investigate whether Amazon is to blame for the massive Capital One data breach disclosed earlier this year.

A smart mobile-first phishing effort uses valid certificates to sign fake Office 365 pages, and logs keystrokes in real time.

From hacking hotel room robots to crackdowns on stalkerware apps, Threatpost editors break down this week's top news stories.

Targeted ransomware, mobile malware and other attacks will surge, while companies will adopt AI, better cloud security and cyber insurance to help defend and protect against them.

An open cloud database sets the stage for phishing attacks for users of the subscription service.

Potential follow-on attacks on religious organizations could include credit-card theft via spearphishing, fraud and network intrusion.

A new information stealer is gaining rapid popularity with the cybercriminal community - leading to it infecting hundreds of millions of victims.

Scammers are targeting those hoping for #CashAppFriday "blessings."

Samsung is reportedly rolling out fixes for a glitch that allowed anyone to dupe its Galaxy S10 fingerprint authentication sensor.

Consumers don't vet apps well enough to mitigate mobile threat risk, according to the latest mobile-threat report from RiskIQ

Researchers have uncovered malware in 17 iOS apps that were removed from Apple's official App Store.

An unsecured NFC tag opens a door to trivial exploitation of robots inside Japanese hotels.

Two high-severity vulnerabilities in a Fujitsu wireless keyboard expose passwords and allow keystroke injection attacks.

With DoubleClick, Analytics and AdWords under its belt, Google continues dominating when it comes to global data collection for advertising, a new report found.

Multiple critical memory safety bugs in Firefox 69 and Firefox ESR 68.1 in particular affect medium and large government entities and enterprises.

A fresh look at the penetration testing tool Metasploit reveals the 15-year old hacking tool still has some tricks up its sleeves, even against modern defenses.

The FTC has banned the sale of three apps - marketed to monitor children and employees - unless the developers can prove that the apps will be used for legitimate purposes.