Two IP cameras sold by Loftek and VStartcam are leaving over 1.3 million users open to 21 vulnerabilities that range from a lack of HTTPS encryption to bugs that open users up to cross-site request forgery attacks.

IBM fixed a cross-site scripting vulnerability in its Worklight and MobileFirst products that could have let an attacker steal sensitive information.

Black Hat may be the benchmark signaling the end of security nihilism and snark, and a re-prioritization of energy toward the greater good.

Internet of Things Cybersecurity Improvement Act would mandate stringent security for connected devices sold to the federal government.

Makers of Copyfish OCR software get taken on wild ride after code for its Chrome extension is stolen.

Hackers at DEF CON last week exploited vulnerabilities in electronic pollbooks and voting machines with ease.

Microsoft patched three new Outlook vulnerabilities and re-released updates from a broken June update.

Google’s top Android engineer describes how the attack surface is shrinking on the mobile operating system.

MedSec CEO Justine Bone said shorting companies to profit off discovered vulnerabilities is a viable business model for the security community.

Abuse of the Docker API allows remote code execution on targeted system, which enables hackers to escalate and persists thanks to novel attacks called Host Rebinding Attack and Shadow Containers.