The Threat Post

The new tools on Chrome and Edge will make it easier for browser users to discover - and change - compromised passwords.

The "KindleDrip" attack would have allowed attackers to siphon money from unsuspecting victims.

A former ADT employee pleads guilty of accessing customers’ cameras so he could spy on them.

The CursedGrabber malware has infiltrated the open-source software code repository.

Up to 4,000 stolen files have been released by hackers who launched a ransomware attack against the Scottish Environmental Protection Agency on Christmas Eve.

Netscout researchers identify more than 14,000 existing servers that can be abused by ‘the general attack population’ to flood organizations’ networks with traffic.

Einstein is in violation of the the HHS 60-day breach notification rule, but unlikely to face penalty.

Researchers have traced the origins of a campaign - infecting SQL servers to mine cryptocurrency - back to an Iranian software firm.

Researchers warn that attackers are collecting reconnaissance for future business email compromise attacks using Google Forms.

A phishing campaign spoofs Xerox notifications to lure victims into clicking on malicious HTML attachments.

Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.

The company also issued patches for Tesla-based GPUs as part of an updated, separate security advisory.

The attack vector was not the Orion platform but rather an email-protection application for Microsoft 365.

Users of dating apps - like Tinder, Match and Bumble - should be on the lookout for investment-fraud scammers.

Mystery of spying using popular chat apps uncovered by Google Project Zero researcher.

Seven flaws in open-source software Dnsmasq could allow DNS cache poisoning attacks and remote code execution.

Joyce will replace Anne Neuberger, who is now deputy national security advisor for the incoming Biden administration.

The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks.

The FreakOut malware is adding infected Linux devices to a botnet, in order to launch DDoS and cryptomining attacks.

Users of the Linux-based open-source firmware—which include developers from commercial router companies--may be targeted by phishing campaigns, administrators warn.