Threatpost

Four have been arrested in the case.

Browsers Firefox and Edge take a beating on day two of the Pwn2Own competition.

Google has snagged three security and privacy certifications for Google Play as it tries to appeal to enterprises despite numerous malicious apps and security issues.

Users of the open-source project should upgrade immediately.

Hacked drones are breaching physical and cyberdefenses to cause disruption and steal data, experts warn.

The unpatched vulnerabilities exist in 20 products made by the popular Medtronics medical device manufacturer, including defibrillators and home patient monitoring systems.

The plugin, Social Warfare, is no longer listed after a cross site scripting flaw was found being exploited in the wild.

On the first day of Pwn2Own 2019 hackers poked holes in Apple Safari, VMware Workstation and Oracle VirtualBox.

The social media giant said that it is notifying users whose passwords it stored in plain text, which made them accessible for Facebook employees to view.

In both breaches of MyPillow and Amerisleep, the customers whose payment information was potentially stolen were not informed.

The most serious vulnerabilities in Cisco's 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.

Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.

Experts from Gartner, Lookout and Google talk enterprise mobile security in this webinar replay.

The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.

Despite the 2018 crackdown on Fin7, the cybercrime group has been ramping up its efforts with two new malware samples and an attack panel.

Until a report this week, Uber's Surfcam's use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it's a "spyware."

A long-quiet malware family has been spotted targeting financial technology firms, armed with new obfuscation techniques to avoid detection.

Some of the flaws would allow remote code-execution.

Threatpost talks to Phil Neray with CyberX about Tuesday's ransomware attack on aluminum producer Norsk Hydro, and how it compares to past manufacturing attacks like Triton, WannaCry and more.

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.