Threatpost

The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.

In scope RCE Mozilla bug bounty payouts have also tripled to reach $15,000.

Linux users running the enterprise-search platform Solr are potentially vulnerable to remote code execution attack.

Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.

The majority give outside partners, contractors and suppliers administrative access -- without strong security policies in place.

The passwords of more than 2.2 million users of a gaming and cryptocurrency website were dumped online after dual data breaches.

The infection apparently made its way in through third-party systems.

The list of routers that have critical RCE bugs, that have reached end of life and that won’t get fixed has grown.

Google has disclosed a now-fixed issue that enabled third-party apps to access a disturbing set of permissions for its Camera App built into Android phones.

The malware has backdoor functionality and the ability to steal payment cards and credentials.

An executable file disguised as a .jpg leads not only to ransomware but also its builder, which can be used to create variants.

Obfuscated Magecart script was discovered on two Macys.com webpages, scooping up holiday shoppers' payment card information.

Survey reveals that skepticism towards privacy issues remain at an all-time high.

The flaw can be trivially exploited.

Thousands of accounts showed up on hacking forums -- and customers say Disney has been no help.

Using a real Office 365 account at a legitimate company to send out lures helps phishers evade email defenses.

The web skimmer has been spotted on at least 17 popular eCommerce websites, a new Visa alert warns.

Threatpost talks to Anthony di Bello with OpenText, at ENFUSE 2019, about the successes and failures of security regulations, and how companies are changing as they struggle to keep up with compliancy issues.

White-hat hackers using never-before-seen zero days against popular applications and devices against competed at two-day gathering in Chengdu.

The copycat sites are using valid certificates to be more convincing.