The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

SEGA's disclosure underscores a common, potentially catastrophic, flub — misconfigured Amazon Web Services (AWS) S3 buckets.

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

Researchers said the group was able to move from initial phish to full domain-wide encryption in just five hours.

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a "missed chat" from Microsoft Teams.

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

The RCE bug affects versions below 4.4 of the Slack desktop app. A critical vulnerability in the popular Slack collaboration app would allow remote code-execution (RCE). Attackers could gain full ...

There are five different pillars to implement when moving to a modern, zero-trust security model. Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A ...

A proof-of-concept attack has been pioneered that “fully and practically” breaks the Secure Hash Algorithm 1 (SHA-1) code-signing encryption, used by legacy computers to sign the certificates ...

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild. The bug (CVE-2022-34713) is tied to a Microsoft Windows Support Diagnostic ...

From more widescale, powerful distributed denial of service (DDoS) attacks, to privacy issues in children's connected toys, here are the top IoT disasters in 2019.