Researchers created a proof-of-concept attack that allows remote attackers to access protected APIs to extract credentials.

Verizon is the latest company to leak confidential data through an exposed Amazon S3 bucket.

600 gigabytes of information, including SQL database dumps, code, access logs, and customer information, belonging to BroadSoft and its client, TWC, was left online, accessible to anyone.

Thousands of resumes and job applications from U.S. military veterans, law enforcement, and others were leaked by a recruiting vendor in an unsecured AWS S3 bucket.

Attackers are using an exploit kit to spread the Zminer executable that downloads a cryptocurrency miner hosted in an Amazon S3 bucket.

Personal and business data belonging to Boston area meeting and hotel booking provider Groupize was discovered in a publicly accessible Amazon Web Services S3 bucket, which has since been locked down.

Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.

Spyware targeting overseas travelers seeking embassy information gets the boot from Google Play store after a security firm identifies four rogue apps.

Mike Mimoso, Tom Spring, and Chris Brook preview Black Hat 2016, including Ivan Krstic’s talk on Apple/iOS security, Dan Kaminsky’s keynote, IoT, PAC malware, and more. Download: Threatpost_Black_Hat_2016_Preview.mp3 Music by Chris Gonsalves

When it comes to cloud computing, APIs more or less drive everything, but in the eyes of some researchers, existing security controls around them haven’t kept pace. While individual components of a system can be secure, when that system gets deployed in the cloud it can often become insecure – and get worse at scale, according to Erik...