The developer of uTorrent for Windows and uTorrent Web has been scrambling to issue patched versions of the BitTorrent-based peer-to-peer fire-sharing apps after Google Project Zero researcher Tavis Ormandy found critical vulnerabilities that can result in remote code execution and information disclosure upon visiting malicious websites.
Exclusive: Researchers say Kaspersky web portal exposed users to session hijacking, account takeovers
Security researchers say they discovered several vulnerabilities and security lapses in Kaspersky Lab's my.kaspersky.com web portal earlier this month, adding that the flaws exposed users to potential session hijackings and account takeovers.
A researcher who in 2016 uncovered roughly 500 bots programmed to automatically create Twitter posts advertising pornography has found that about 20 percent of them were still active two years later.
A Latvian national who at one point was the fifth most wanted cybercriminal in the U.S. pleaded guilty this week in federal court to supporting a scareware scheme targeting users of the Minneapolis Star Tribune's website.
The internet now has two front pages, but one is a fake created to scam Reddit fans or as phishing bait.
Despite its relatively small pool of viable targets, the malicious Windows-based downloader Hancitor continues to surface in malspam campaigns that recently have relied heavily on distribution servers set up via fraudulent hosting provider accounts, a new blog post report states.
Breaking from typical ransomware distribution tactics, the attackers behind the new malicious cryptor GandCrab are relying on a pair of exploit kits - RIG EK and GrandSoft EK - to infect unwitting victims.
Google's latest stable channel update for the Chrome browser on Windows, Mac and Linux desktop machines includes fixes for 53 security issues, including three high-severity vulnerabilities.
A massive malvertising operation bought an estimated 1 billion ad views in 2017 under the guise of 28 different fake ad agencies, in what a new report is calling the largest operation of its kind last year.
More than a half-million workstations at major global organizations were reportedly found infected with malicious Chrome web browser extensions that were likely used to commit click fraud and search engine optimization manipulation.
The popular Bitcoin client Electrum has developed a patch for a critical vulnerability that allows malicious websites to steal from digital wallets that are not password-protected.
In addition to hiding cryptocurrency miners in the coding of websites, malicious actors may also increasingly conceal them within advertisements appearing on these sites, according to a new report from CoinDesk, citing the Israeli adtech firm Spotad.
Attackers have exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.
The image sharing and hosting service Imgur was breached in 2014, resulting in the theft of roughly 1.7 million user email addresses and passwords, the company confirmed last Friday in an online notification.
When Facebook debuted a new polling feature earlier this month, it also introduced a vulnerability that could have allowed a malicious actor to delete any photo saved to the social media site.
Online retailer AliExpress fixed a vulnerability in its online shopping portal last October after researchers discovered a way to inject a fake coupon designed to phish sensitive information from those who receive it.
Pro-ISIS hackers illegally accessed a web hosting provider and defaced the websites of roughly 800 U.S. schools on Monday, according to various news reports.
Asian entertainment website Crunchyroll.com is blaming a DNS hijack attack, after site visitors in the early morning of Nov. 4 were redirected to a malicious website designed to infect them with malware.
Google issued a public apology on Thursday after a bug mistakenly caused its defenses against malware, phishing, and spam to block some users' access to Google Docs files.
A Disney-branded internet filter underwent automatic patching after researchers discovered multiple vulnerabilities that could have exposed users to cyberattacks, researchers from Talos have reported.
Make-up company Tarte Cosmetics exposed the personal information of nearly two million online customers after two of its online MongoDB databases were reportedly misconfigured for public access.
Dell computer users could have possibly been exposed to malware last summer after visiting a third-party customer support website whose domain was suddenly taken over by an unaffiliated company
Microsoft is claiming that the latest version of Windows 10, the Fall Creator's Update, is the most secure version of the operating system yet released.
Russian dark web marketplace Ultimate Anonymity Services was recently observed selling more than 35,000 compromised RDP servers, which cybercriminals can leverage to anonymize themselves or to directly access victims' networks.
A cybercriminal group identifying itself as Phantom Squad has launched an email-based extortion campaign against thousands of businesses, threatening to debilitate their websites with a DDoS attack on Sept. 30 if they do not pay a ransom of .2 bitcoins.
Hackers breached the U.S. Securities and Exchange Commission's EDGAR document filing system and may have used nonpublic information stored on the database to profit from insider trading, the regulatory body disclosed on Wednesday.