Stories by Lucian Constantin

The source code for a new banking Trojan has been published online, offering an easy way for unskilled cybercriminals to launch potent malware attacks against users.

Developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or to infect computers with malware.

The Mac and iPhone exploits described in new documents attributed to the U.S. Central Intelligence Agency were patched years ago, according to Apple.

Google plans to remove the extended validation (EV) status of any such certificates issued by Symantec and to force the company to replace all of its customers' certificates.

The iCloud credentials that the Turkish Crime Family hacker group claims to have weren't obtained through a breach of the Apple's services.

The U.S. CIA has had tools to infect Apple Mac computers by connecting malicious Thunderbolt Ethernet adapters to them since 2012, according to new documents purported to be from the agency and published by WikiLeaks.

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.

A group of hackers is threatening to wipe millions of iOS devices in two weeks if Apple doesn't pay them US$150,000.

Organizations that use the popular Moodle learning management system should deploy the latest patches as soon as possible because they fix vulnerabilities that could allow attackers to take over web servers.

Two teams of researchers managed to win the biggest bounties at this year's Pwn2Own hacking contest by escaping from the VMware Workstation virtual machine and executing code on the host operating system.

Companies that use security products to inspect HTTPS traffic might inadvertently make their users' encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.

Several attacks observed over the past few months that rely heavily on PowerShell, open-source tools and fileless malware techniques, might be the work of a single group of hackers.

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.

During the first day of the Pwn2Own hacking contest, security researchers successfully demonstrated exploits against Microsoft Edge, Apple's Safari, Adobe Reader, and Ubuntu Desktop.

Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.