Banking Trojan Retefe is adopting new WannaCry tricks, adding an EternalBlue module to propagate the malware.

The U.S. Securities and Exchange Commission said this week that hackers managed to infiltrate one of its systems last year, something that likely facilitated insider trading.

APT33 targets petrochemical, aerospace and energy sector firms based in U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill.

Proof-of-concept malware called aIR-Jumper can be used to bypass air-gapped network protections and send data in and out of network.

An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed.

A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites.

D-Link router model 850L has 10 vulnerabilities that could allow a hacker to gain remote access and control of device, according to researcher.

A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero.

Researchers say a 18-year-old programming error by Microsoft is creating a kernel bug that can be abused by an attacker.

The Apache Software Foundation released a patch on Tuesday for a critical vulnerability impacting all versions of Struts since 2008.