A domain name system server implementation is at risk of remote code execution, information exposure and denial-of-service attacks after a seven vulnerability were disclosed by Google and patched by the maintainers of Dnsmasq.

Over 4,000 insecure Elasticsearch servers have been hosting the point-of-sale malware Alina and JackPoS.

A new crawler from Shodan and Recorded Future called Malware Hunter seeks out command and control servers managing endpoints infected with remote access Trojans and other malware.

Spiral Toys has filed a breach notification with the California Attorney General’s office informing them of the CloudPets data breach.

Voice messages from children sent through an internet-connected toy called CloudPets were stolen from an exposed MongoDB database, which has been wiped clean and the data held for ransom.

Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.

A trove of MacKeeper user data—some 13 million records—has been locked down after a researcher found an exposed and accessible database using a simple Shodan query. Chris Vickery revealed his discovery on Monday on Reddit in more of an appeal to reach officials at Kromtech, the parent company that owns MacKeeper, a suite of performance...