Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user’s websites.

Cisco Talos identified the Sundown exploit kit as an up-and-coming contender that may soon rival RIG in terms of size and volume.

A variant of the Nymaim dropper has surfaced, and it includes new delivery methods, obfuscation techniques, and the use of PowerShell to download payloads.

The Shadowbrokers dumped lists of hacked servers compromised by the Equation Group and allegedly used in its campaigns.

A buffer overflow found in the Mirai botnet could eliminate its ability to carry out HTTP flood attacks. But exploiting that vulnerability puts defenders in a gray area with regard to hacking back.

Microsoft announced it has extended a feature in Office 2016 that protects against malicious macros to Office 2013.

In a lawsuit against short seller Muddy Waters and security firm MedSec, plaintiff St. Jude Medical faces fresh claims that its heart devices are vulnerable to hacks.

Researchers have demonstrated how the PC-based Rowhammer attack also works against Android devices.

DNS providers Dyn suffered a DDoS attack this morning that affected many of its major customers including Twitter, Spotify, Github and others. Services have been restored as of 9:36 a.m. today.

Microsoft malware researchers say Locky ransomware authors are changing tactics again to evade detection.