Google began sending out notices to site owners this month who haven’t yet migrated from HTTP to HTTPS warning them that in October their sites will be marked “NOT SECURE.”

Researchers spotted a strain of cookie stealing malware, injected into a legitimate JavaScript file, masquerading as a WordPress core domain.

Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card information.

The popular NextGEN Gallery WordPress plugin was recently patched to address a “severe” SQL injection vulnerability that put website databases at risk.

WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.

WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri.

The dangers of Skyping and typing, the fingerprint warrant story, hiding credit card numbers in images, and more are discussed.

Researchers say attackers are embedding malicious code in poorly configured Magento sites that hides stolen payment card data in images.

Researchers have spotted several types of ransomware, including CryptXXX and a fairly new strain, Cryptobit, being pushed through the same shady series of domains. The campaign, called Realstatistics, has tainted thousands of sites built on both Joomla! and WordPress content management systems. Researchers with security company Sucuri observed the campaign injecting bogus analytics code, including the url...

A botnet comprised entirely of internet-enabled closed circuit TV devices used a barrage of HTTP requests to knock a small jewelry store offline for days. Researchers who came across the botnet recently said they weren’t surprised that IoT devices were being used to carry out a distributed denial of service attack but were caught off...