The plugin, installed on hundreds of thousands of sites, allows anyone to filch database info without having to be logged in. [...]

Several mobile apps, some with 10 million downloads, have opened up personal data of users to the public internet – and most aren't fixed. [...]

Enterprises are embracing on-demand freelance help – but the practice, while growing, opens up entirely new avenues of cyber-risk. [...]

The newly discovered malware infects IoT devices in tandem with the prolific Gafgyt botnet, using known security vulnerabilities. [...]

Attackers can take advantage of the fact these apps access, gather, store and transmit more information than any other app their victims have installed. [...]

Keynoters from Cisco, Netflix and RSA highlighted lessons from the last year, and cybersecurity's new mandate in the post-pandemic world: Bounce back stronger. [...]

The advanced Brazilian malware has gone global, harvesting bank logins from Android mobile users. [...]

The financially motivated cybercrime gang behind the Carbanak RAT is back with the Lizar malware, which can harvest all kinds of info from Windows machines. [...]

An analysis of three popular forums used by ransomware operators reveals a complex ecosystem with many partnerships. [...]

The campaign is harvesting screenshots, keystrokes, credentials, webcam feeds, browser and clipboard data and more, with RevengeRAT or AsyncRAT payloads. [...]

A new type of fraud is spiking across the platform: Selling fake vax records to people who want to lie their way into places where proof of vaccine is required. [...]

Microsoft's May 2021 Patch Tuesday updates include fixes for four critical security vulnerabilities. [...]

An ingenious attack on Android devices self-propagates, with the potential for a range of damage. [...]

The sophisticated threat is targeting Microsoft Exchange servers via ProxyLogon in a wave of fresh attacks against North American targets. [...]

A malicious app can exploit the issue, which could affect up to 30 percent of Android phones. [...]

The networking giant has rolled out patches for remote code-execution and command-injection security holes that could give attackers keys to the kingdom. [...]

'Spam protection, AntiSpam, FireWall by CleanTalk' is installed on more than 100,000 sites -- and could offer up sensitive info to attackers that aren't even logged in. [...]

Remote code execution, privilege escalation to root and lateral movement through a victim's environment are all on offer for the unpatched or unaware. [...]

The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others. [...]

The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009. [...]

The San Diego-based hospital system diverted ambulances to other medical centers after a suspected ransomware attack. [...]

The stealthy backdoor is likely being used by Chinese APTs, researchers said. [...]

The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console. [...]

A coalition of 60 global entities (including the DoJ) has proposed a sweeping plan to hunt down and disrupt ransomware gangs by going after their financial operations. [...]

The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities. [...]