Threatpost

The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.

The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.

The malware seems like a silly coding lark at first, but further exploration shows it can wreak serious damage in follow-on attacks.

Our new eBook goes beyond the status quo to take a look at the evolution of ransomware and what to prepare for next.

Sivan Tehila, cybersecurity strategist at Perimeter 81, discusses climate change and the cyber-resilience lessons companies should take away from dealing with the pandemic.

Two cyberattack campaigns are making the rounds using unique social-engineering techniques.

A malicious ‘Jungle Run’ app tricked security protections to make it into the Apple App Store, scamming users out of money with a casino-like functionality.

Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.

Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.

The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.

A 100-day race to boost cybersecurity will rely on incentives rather than regulation, the White House said.

The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.

Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.

The vulnerability is triggered when a cloud container pulls a malicious image from a registry.

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.

In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.

Joseph Carson, chief security scientist at Thycotic, discusses the death of data privacy and what comes next.

Search-engine optimization (SEO) tactics direct users searching for common business forms such as invoices, receipts or other templates to hacker-controlled Google-hosted domains.

Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.

How this class of vulnerabilities will impact millions connected devices and potentially wreck the day of IT security professionals.