Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.

Security researchers say the Blackmoon banking Trojan targeting exclusively South Korean financial institutions has developed a new malware infection technique.

A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user’s password and in turn, gain access to their account.

Google has removed offending accounts involved in a widespread phishing attack today impersonating Google Docs.

Travel services company Sabre Corp. said in a SEC filing that its investigating a data breach in its Hospitality Solutions reservation system.

Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify “baseless assumptions” being made about the flaw.

NIST’s latest password guidelines focus less on length and complexity of secrets and more on other measures such as 2FA, throttling, and blacklists.

New clues surface on Shamoon’s ability steal credentials ahead of attacks.

USB drives shipped with some IBM’s Storwize storage products are infected with malware, and the tech giant advises customers destroy the devices.

Neustar’s annual DDoS attack report says businesses can lose $2.5M on average detecting and mitigating DDoS attacks.