Researchers say a variant of the notorious surveillance software called Pegasus has been targeting Android users allowing third parties to take screenshots, capture audio, read email and exfiltrate data from targeted phones.

Researchers at the Security Analyst Summit on Monday divulged details behind the alleged creator of a Romanian phishing kit.

Hackers pulled off a stunning compromise of a Brazilian bank’s operations, gaining control of each of the bank’s 36 domains, corporate email and DNS.

President Trump signed a resolution to complete the overturning of internet privacy protections that would of prevented ISPs from tracking you online without first asking users to opt-in.

Cisco Talos researchers spot a stealthy new remote administration tool calling ROKRAT that targets Korean-language Microsoft Word alternative Hangul Word Processor.

Mike Mimoso and Chris Brook recap the first day of this year’s Security Analyst Summit, including Mark Dowd’s memory corruption bug keynote, the digital archeology around Moonlight Maze, ATM hacking, and the Lazarus APT.

The Lazarus Group has splintered off a group whose mission is to attack banks and steal money in order to fund its operations.

Attackers behind February’s fileless malware attacks dropped malware on some bank ATMs that gave them the ability to dispense money, “at any time, at the touch of a button.”

The lines between between information shared between intelligence services, companies, and the government are getting increasingly blurry, a Georgetown professor warned.

At the Security Analyst Summit, Mark Dowd described how memory corruption mitigations are successfully driving up exploit development costs.