An IDN homograph attack leveraging Adobe’s brand has been discovered, with the malicious site spreading the Betabot backdoor

The Apache Software Foundation released a patch on Tuesday for a critical vulnerability impacting all versions of Struts since 2008.

600 gigabytes of information, including SQL database dumps, code, access logs, and customer information, belonging to BroadSoft and its client, TWC, was left online, accessible to anyone.

Thousands of resumes and job applications from U.S. military veterans, law enforcement, and others were leaked by a recruiting vendor in an unsecured AWS S3 bucket.

A malware campaign utilizing bogus “HoeflerText” popup warnings is back in full swing targeting Google Chrome and Firefox browsers with Locky ransomware attacks and the NetSupport Manager RAT.

The Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more are discussed.

Automattic has patched a reflected cross-site scripting vulnerability in the WooCommerce WordPress plugin.

Researchers accessed the Onliner spambot and found 711 million records, including email addresses, email and password combinations, and SMTP credentials and configuration files.

Google began sending out notices to site owners this month who haven’t yet migrated from HTTP to HTTPS warning them that in October their sites will be marked “NOT SECURE.”

Researchers warn a retooled ‘Jimmy’ Nukebot no longer steals bankcard data, rather focuses on avoiding detection as it downloads malicious modules.