A 400 percent surge in tax-related phishing and malware incidents is making this tax season the most treacherous yet for taxpayers. According to an Internal Revenue Service bulletin, this year’s attacks include the tried-and-true email phishing, but also newer forms of attacks that include bogus text messages and attempts to trick people into handing over...

A researcher at IOActive believes the U.S. intelligence community has the capability to carry out a delicate hardware hack that could unlock the iPhone 5c at the center of the current FBiOS debate. The attack requires considerable financial resources and acumen with an intrusive attack against the device’s chip in order to extract enough data...

Threatpost editor Mike Mimoso talks with Dewan Chowdhury, the founder and CEO of MalCrawler, about hacking power grids and a honeypot they built to mimic an energy management system. [embedded content]

Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices. Limor Kessem, a cybersecurity analyst with IBM Trusteer, said...

Attackers managed to hijack the website of the Linux Mint operating system to push a backdoored ISO image of the software to users over the weekend. The developers behind the software, one of, if not the most popular Linux distribution, are unsure what the hackers are aiming to achieve by the move but acknowledge that...

Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute’s Internet Storm Center. “The group behind the WordPress ‘admedia’ campaign is now apparently targeting Joomla sites,” said Brad Duncan, security researcher at Rackspace. “We are starting...

Threatpost editor Mike Mimoso talks with Christopher Ahlberg, CEO, Recorded Future about tracking cybercriminals through patterns on hacker forums. [embedded content]

A critical vulnerability impacting 50 million Android users running the popular AirDroid application has been patched. AirDroid, an app that allows you link an Android device to a computer and send SMS messages, run apps and add contacts via a Wi-Fi connected web browser, released the patch Jan. 29. Check Point security researchers disclosed the AirDroid...

Mike Mimoso and Chris Brook discuss the week in news, including the iPhone encryption debacle, the glibc Linux vulnerability, and the latest ransomware headlines. Download: Threatpost_News_Wrap_February_19_2016.mp3 Music by Chris Gonsalves

Just when you thought it was safe to dive back into the Comodo waters, Google researcher Tavis Ormandy has surfaced with more trouble. Publicly disclosed yesterday on the Google Project Zero site, Ormandy said that a tech support application called GeekBuddy installed with Comodo Internet Security also drags along with it a VNC server that...