A critical Adobe flaw is being exploited in targeted attacks against Windows users.

The incident is another reminder that third-party software and services are an easy way for attackers to steal sensitive data.

Researchers said they now believe the malware has infected twice the number of router brands than previously stated and that the malware packs a much deadlier punch.

An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine.

A glitch in Auth0 could allow attackers to spoof a legitimate website and collect sensitive information from visitors.

Scammers recently targeted Booking.com customers via WhatsApp messages and texts asking them for full payment for holidays.

An unspecified “private” server was found with the account data of users who signed up for the service, in the largest breach since Equifax last year.

An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – thanks to inconsistencies between app and server logic in web APIs.

More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago.

Remote code execution vulnerabilities dominate this month’s critical Android patches.