The San Francisco Municipal Transport Agency says it has contained a ransomware attack, but now it faces new unsubstantiated claims by attackers who say they have 30GB of the agency’s data.

Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to XSS cross-site scripting, SQL injection and file manipulation flaws.

An email scam tricked Yandex email recipients into thinking phishing emails were certified legit and from the Microsoft.com domain.

Qualcomm and HackerOne are partnering for a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC.

Mike Mimoso and Chris Brook discuss the news of the week, including this week’s House hearing on the Internet of Things, Samy Kamkar’s PoisonTap tool, and Windows 10’s ransomware protections.

Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third-party.

IBM introduced on Wednesday a new Cyber Range attack simulator during the opening of its global security headquarters in Cambridge, Mass.

Samy Kamkar’s latest hacking device, PoisonTap, can steal HTTP cookies from millions of websites and install persistent web-based backdoors.

The Carbanak cybercrime gang has shifted strategy and targets the hospitality and restaurant industries with new techniques and malware.

The FriendFinder Network has reportedly been hacked exposing 400 million user accounts of Adult FriendFinder, Penthouse.com and Stripshow.com.