Starting in September, publicly trusted certificate authorities will have to honor a special Domain Name System (DNS) record that allows domain owners to specify who is allowed to issue SSL certificates for their domains.
Stories by Lucian Constantin
The gang behind the Dridex computer trojan has adopted an unpatched Microsoft Word exploit used in attacks for months and used it to target millions of users.
None of the new alleged NSA exploits leaked by the Shadow Brokers hacking group poses an immediate threat to users.
Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.
Hackers have started adding data-wiping routines to malware that's designed to infect internet-of-things and other embedded devices.
Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.
Endpoint security vendor F-Secure has acquired a behavior-based security application for macOS called Little Flocker that was developed by an independent researcher.
A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system's entire memory.
Apple fixed a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads, and iPods.
Antivirus vendor Bitdefender has released a free decryption tool that works for any files affected by the Bart ransomware.
A team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard's Unified Extensible Firmware Interface (UEFI).
Google offered to pay US$200,000 to any researcher who could remotely hack into an Android device by knowing only the victim's phone number and email address, but no one stepped up to the challenge for six months.
A proof-of-concept exploit has been published for a zero-day vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported.
Developers who publish their code on GitHub have been targeted in an attack campaign that uses a little known but potent cyberespionage malware.
VMware has released critical security patches for vulnerabilities demonstrated during the recent Pwn2Own hacking contest that could be exploited to escape from the isolation of virtual machines.