The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users.

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso, a senior software engineer at Adobe, after he came across the issue while testing his own OAuth client. For its part, PayPal remedied the vulnerability about...

Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked the names, phone numbers, email addresses, and unique IDs.

Security experts warn iPhone call history data may be synced to iCloud accounts without user knowledge, making personal phone records an easy target for a determined third-party.

A lobbying organization sent a letter to President-Elect Donald Trump, asking him to support the expansion of strong encryption and reform government surveillance activities.

The FriendFinder Network has reportedly been hacked exposing 400 million user accounts of Adult FriendFinder, Penthouse.com and Stripshow.com.

Academics audited the popular end-to-end encryption app Signal and their findings are encouraging.

Yahoo’s latest SEC filing includes confirmation that it knew attackers were on its network in 2014 and stole information on 500 million accounts.

A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015.

In a deep analysis of RIG, Cisco Talos team outlined the way the exploit kit combines different web technologies such as DoSWF, JavaScript, Flash and VBscript to obfuscate attacks.