Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.
Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of CIA's own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.
The U.S. Central Intelligence Agency documents published by WikiLeaks Tuesday shows that one of the agency's teams specializes in reusing bits of code and techniques from public malware samples.
A five-month-old flaw in Android's SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.
The U.S. Department of Justice is asking a federal court to dismiss its indictment in a case that involves a child porn site known as Playpen after a judge asked the government to disclose the hacking technique it used to gather evidence.
HackerOne, the company behind one of the most popular vulnerability coordination and bug bounty platforms, has decided to make its professional service available to open-source projects for free.
Targeted attacks are moving away from traditional malware to stealthier techniques that involve abusing standard system tools and protocols that are less frequently monitored.
If you've been hit by Dharma ransomware, great news: Researchers have created decryption tools for the Dharma ransomware after someone recently leaked the encryption keys for it.
Google has expanded its Safe Browsing service, allowing Google Chrome on macOS to better protect users from programs that locally inject ads into web pages or that change the browser's home page and search settings.
A security analysis of robots used in homes, businesses and industrial installations has revealed many of the same basic security weaknesses that are commonly found in IoT devices, raising questions about the implications for human safety.
Cisco's Talos team has released a tool that allows network owners to discover switches on their networks that might be vulnerable to Cisco Smart Install (SMI) attacks.
The recently announced SHA-1 collision attack has the potential to break code repositories that use the Subversion (SVN) revision control system.
Google's Project Zero team has disclosed a potential arbitrary code execution vulnerability in Internet Explorer because Microsoft has not acted within Google's 90-day disclosure deadline.
For months a bug in Cloudflare's content optimization systems exposed sensitive information sent by users to websites including passwords, session cookies, authentication tokens and even private messages.
Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature.