A new piece of information-stealing malware that appeared earlier this year has been rapidly gaining traction during the past few weeks, with hundreds of infection attempts being detected every day by antivirus vendors.
Stories by Lucian Constantin
Although the number of malicious browser extensions has significantly increased in the past year many security products fail to offer adequate protection against them, while others are simply not designed to do so, according to a security researcher.
Plug-ins based on the NPAPI architecture will be blocked by default in Chrome starting early next year as Google moves toward completely removing support for them in the browser.
A new version of the Apache Struts development framework released Friday fixes two problems that had developers worried.
A criminal gang attempted to plant a rogue hardware device on the network of a Santander bank branch in London to remotely control a computer and steal money.
Oracle added a feature in Java that lets companies control what specific Java applets are allowed to run on their endpoint computers, which could help them better manage Java security risks.
South Korean organizations that conduct research on international affairs, national security and Korean unification are under siege from cyberspies whose attack may have its origins in North Korea.
Adobe released security updates for Flash Player, Adobe Reader and Shockwave Player on Tuesday to address critical vulnerabilities that could allow attackers to take control of systems running vulnerable versions of those programs.
The fingerprint sensor in Apple's new iPhone 5S has the potential to enhance the security of the device, but the devil will be in the details.
Android malware is following in the footsteps of Windows malware with attackers adopting some of the same distribution and monetization techniques despite the major differences between the platforms.
The U.S. intelligence community is reportedly using a fifth of its US$52.6 billion annual budget to fund cryptography-related programs and operations.
The developers of the popular vBulletin commercial Internet forum software are investigating a potential exploit and advised users to delete the "install" directory from their deployments as a precaution.
Cisco Systems released security patches for Secure Access Control Server (Secure ACS) for Windows to address a critical vulnerability that could allow unauthenticated attackers to remotely execute arbitrary commands and take control of the underlying operating system.
The cyberattack that resulted in nytimes.com and some other high-profile websites being inaccessible to a large number of users Tuesday started with a targeted phishing attack against a reseller for Melbourne IT, an Australian domain registrar and IT services company.
A new Web-based service for cybercriminals automates the creation of fake scanned documents that can help fraudsters bypass the identity verification processes used by some banks, e-commerce businesses and other online services providers, according to researchers from Russian cybercrime investigations firm Group-IB.