University researchers created a browser-based JavaScript that leverages a phone’s smart device sensor data to steal PINs.

Researchers at Kaspersky Lab today disclosed the activities of the Lamberts APT, a group using many of the tools and tactics found in the Vault 7 dumps.

A Microsoft Word zero-day vulnerability is being used to spread the Dridex banking Trojan in attacks that have bypassed mitigation efforts.

Microsoft Patch Tuesday fixes 45 vulnerabilities, one being an active zero-day bug used to spread the Dridex banking Trojan.

A previously undisclosed baseband vulnerability impacting Huawei smartphones, laptop WWAN modules and IoT components was revealed Thursday at the Infiltrate Conference

Security information and event management solutions are supposed to boost security, but researchers say the network analysis tools are ripe attack targets.

Justin Schuh, lead engineer of Chrome Security, said ensuring browser security for Chrome users is a balancing act juggling OEM pressures, questionable certificate authorities and quashing third-party software incompatibility issues.

Cisco Talos researchers spot a stealthy new remote administration tool calling ROKRAT that targets Korean-language Microsoft Word alternative Hangul Word Processor.

Hackers pulled off a stunning compromise of a Brazilian bank’s operations, gaining control of each of the bank’s 36 domains, corporate email and DNS.

Researchers may have found a link between Moonlight Maze of the late ’90s and the Turla APT, which would elevate Turla to the ranks of the Equation Group as an elite nation-state attacker.