Attackers have taken to Facebook Messenger with a combination of social engineering and malicious JavaScript to spread adware.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.

Researchers say the Neptune, or Terror exploit kit has been spreading Monero cryptocurrency miners via malvertisements.

More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK called Igenix could be leveraged to quietly install spyware on devices.

Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.

VoIP vendor Fuze earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication.

Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.