Threatpost

The upcoming deadlines for applying for coronavirus relief are the lure for a phish that gets around email security gateways by using a legitimate SharePoint page for data-harvesting.

Researchers disclosed the 'WarezTheRemote' attack, affecting Comcast's XR11 voice remote control.

At SAS@Home, Luta Security CEO Katie Moussouris stressed that bug bounty programs aren't a 'silver bullet' for security teams.

Smart sex toy vulnerable to hacks, researchers say -- which could expose users’ most sensitive bits (of data) to cybercriminals.

The Magecart spinoff group targeted the wireless service provider in an odd choice of victim.

Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.

The attack on eResearchTechnology potentially slowed down coronavirus research worldwide, and researchers suggest a nation-state actor could be behind the incident.

The fileless attack uses a phishing campaign that lures victims with information about a workers' compensation claim.

A researcher claims that the issue can be exploited by attackers in order to gain root access.

Team Showcase, a sister plugin, is also vulnerable to the XSS and PHP object-injection bugs -- together they have 66,000 installs.

The cryptojacking malware variant builds on the TeamTNT group’s typical approach, with a few new — and sophisticated — extras.

AgentTesla, LimeRAT, W3Cryptolocker and Redline Stealer are now using Paste.nrecom in spear-phishing attacks.

The MosaicRegressor espionage framework is newly discovered and appears to be the work of Chinese-speaking actors.

A variant of the Mirai botnet, called Ttint, has added espionage capabilities to complement its denial-of-service functions.

The two alleged leaders of Team Xecuter targeted popular consoles like the Nintendo Switch, the Sony PlayStation Classic and Microsoft Xbox.

The newly discovered ransomware is hitting companies worldwide, including the GEFCO global logistics company.

Phishing emails tell recipients that their voter's registration applications are incomplete - but instead steal their social security numbers, license data and more.

Account takeover fraud (ATO) attacks are on the rise, up nearly 300 percent since last year.

Financial institutions, cyber-insurance firms, and security firms have all been put on notice by the U.S. Department of the Treasury.

Eleven different malware families are coordinating on distribution, features, geo-targeting and more.