A new variety of ransomware has recently appeared and is displaying some very unusual behavior, primarily by only targeting South Korean entities and actively ignoring any other potential victims.
Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.
A malicious Microsoft Word document, discovered making the rounds via email, infects victims with the Orcus RAT remote administrative tool by automatically downloading a secondary doc capable of executing an RCE exploit.
Apple's release of iOS 11 patched an out-of-bounds write vulnerability in Wi-Fi chips that, if exploited, could have allowed attackers within range to execute arbitrary code on the firmware.
Almost immediately following the disclosure of a critical Apache Struts bug last Tuesday, exploit code for the vulnerability was published online and attackers reportedly began exploiting the flaw.
The C&C infrastructures that cybercriminals rely on to compromise their victims can be just as vulnerable to exploits as the machines they infected in the first place, making them susceptible to possible retribution attacks.
WikiLeaks dumped more leaked CIA documents, publishing materials from a tool suite called Brutal Kangaroo that allows attackers to indirectly infiltrate a closed network or air-gapped computer using a compromised flash drive.
The AdGholas malvertising group conducted a new campaign in May and June 2017 using the Astrum EK to infect victims with Mole ransomware - an unusual change-up for these adversaries, who historically have favored banking trojans.
The Terror Exploit Kit is rapidly evolving, no longer bombarding victims with multiple exploits in scattershot fashion, but rather applying only the hacking tools that work best against a specific compromised machine.
The Shadow Brokers group, which has been leaking alleged NSA hacking tools, is now threatening to launch a "Dump of the Month" service that will deliver more stolen tools and data to paying subscribers.
The information released has yet to be verified but revealed multiple zero days that Apple and Google said are being fixed.
Overwatch players can rest easier knowing that they can get a fair shake in their online battles after thousands of hackers have been banned from the game.
The long-lived ElTest malware campaign that infects victims through compromised websites evolved once again in the last quarter of 2016, ending its use of exploit kit gates and obfuscation, according to researchers with Palo Alto Networks' Unit 42 threat research team.
Russian APT group Sofacy has upped the ante in its campaign to compromise organizations with its "DealersChoice" Flash Player exploit tool, even after Adobe patched a key Flash vulnerability that the tool was observed exploiting.
A recently discovered exploit kit called Stegano is infecting select machines via malicious banner ads that, by conservative estimates, have been delivered to over a million users in just the last two months.
A newly discovered malware program that targets older versions of the Android OS has infected roughly 1.3 million Google accounts, currently breaching devices at a clip of 13,000 victims per day.
White hat hackers are invited to squash bugs in processors from chip vendor Qualcomm in a bid to fix the "Achilles Heel" of the IT industry.
Researchers have discovered a major vulnerability in the Cryptsetup utility that can impact many GNU/Linux systems and that requires only the Enter key to be pressed for about 70 seconds.
Security researcher Samy Kamkar rolled out a hacking tool dubbed PoisonTap that can crack into a locked computer, fully exposing the device to a myriad of potential hacking problems.
Researchers exploited vulnerabilities in Google's Pixel phone, Apple's Safari browser, and Microsoft Edge browser at the PwnFest 2016 hacking event.
Last week we took the 100,000-foot-level view of the relatively new Floki Bot. This bot, allegedly modeled after Zeus 22.214.171.124, is selling in the underground marketplaces for around $1,000.
Ten days after privately disclosing an actively exploited, critical Windows vulnerability to Microsoft Corporation, Google's Threat Analysis Group went public with the flaw, despite the lack of a patch.
Russian hackers are employing zero-day exploits to infect target networks, according to security researchers at ESET.
Security researchers published details of the exploit in a research report entitled "Jump Over ASLR: Attacking the Branch Predictor to Bypass ASLR."
Oracle released its latest batch of patches on Tuesday to address 253 security vulnerabilities for 76 products.
Hackers exploited security vulnerabilities and weak passwords to burrow their way into a number of e-commerce sites, including that of the National Republican Senatorial Committee.