While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.

The APT group was spotted sending spear-phishing emails that purport to detail information about coronavirus - but they actually infect victims with a custom RAT.

Ryuk Ransomware targets another U.S. city, University of Kentucky ends a month-long cyberattack, and a secret-sharing app exposes user data - catch up on the week's news with the Friday Five.

Infosec professionals may feel not only fatigued, but isolated, unwell, and unsafe. And the problem may hurt both them and the businesses they aim to protect.

Two dozen individuals have been named in the latest arrests of alleged participants in a business email compromise scheme that cost victims $30 million.

The high-severity flaw allows malicious code injection into website pop-up windows.

Organizations are sending employees and students home to work and learn — but implementing the plan opens the door to more attacks, IT headaches and brand-new security challenges.

Attackers are capitalizing on the rise of misconfigured Internet-connected devices running the WS-Discovery protocol, and mobile carriers are hosting distributed denial-of-service weapons.

There are steps that IT departments can take to strengthen their technical infrastructure in advance of COVID-19's arrival at their facility.

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Amazon and eBay shopper data was exposed, and the EARN IT act threatens end-to-end encryption. These stories and more in the weekly roundup.

Concerns over cybersecurity risk and possible spying by China have already brought about bans from DHS, DoD, TSA, and the State Department.

Open source bugs have skyrocketed, according to a report from WhiteSource, with XSS flaws account for a quarter of those bugs.

The IICSA report cited “unprecedented levels of depravity” and said that encryption is getting in the way of current screening.

Younger minds -- more agile and less worried by failure -- provide a useful model for cyber defenders to think more creatively.

The Sunday cybersecurity attack was designed to slow down the agency's systems as it tries to grapple with the spread of COVID-19.