Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attacks to remotely gain control over devices or crash them.

Researchers discovered an active Twitter botnet made up of 38,000 bots, generating 8.5 million tweets and netting over 30 million clicks from its victims.

Researchers Tavis Ormandy and Cris Neckar privately disclosed a critical vulnerability in Cisco’s WebEx extension for Chrome and Firefox that allows for remote code execution.

Leading certificate authority Let’s Encrypt is facing criticism that its rapid growth and eagerness to encrypt internet communications is happening at a cost.

Researchers have spotted malicious email campaigns using Zip archives to spread NemucodAES ransomware and the Kovter click-fraud Trojan, simultaneously distributing both pieces of malware.

Attackers have been carrying out WPSetup attacks, taking advantage of users who have installed WordPress but not yet configured it.

An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data.

Data belonging to 14 million Verizon customers was exposed by a partner, which misconfigured a repository storing the personal information it had access to.

Botnets distributing FlokiBot point-of-sale malware are back in business spewing a new malware dubbed LockPoS.

Microsoft releases a total of 57 security patches, part of its July Patch Tuesday, with 20 rated critical.