An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine.

A glitch in Auth0 could allow attackers to spoof a legitimate website and collect sensitive information from visitors.

Scammers recently targeted Booking.com customers via WhatsApp messages and texts asking them for full payment for holidays.

An unspecified “private” server was found with the account data of users who signed up for the service, in the largest breach since Equifax last year.

An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – thanks to inconsistencies between app and server logic in web APIs.

More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago.

Remote code execution vulnerabilities dominate this month’s critical Android patches.

Social media data privacy controls were the top security topic at Apple’s WWDC on Monday.

In the wake of the elimination of the federal cybersecurity czar position, it turns out that three-quarters of agencies are unprepared for an attack.

It’s a cautionary tale for those coding the complex algorithms that go into automated mitigation.