Themes and wallpapers – how dangerous can they really be?

New attack technique uses Office 365 APIs to cross-check credentials against Azure Active Directory as victim types them in.

The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.

If you have an NGINX site that must allow users to upload files, try this configuration to help prevent possible Denial-of-Service attacks.

If you have CentOS servers in your data center, you'll want to make sure to patch them against BootHole. Jack Wallen shows you how.

Want to hide files and folders from your Linux desktop file manager? Jack Wallen shows you one handy method.

If you want to land a high-paying cybersecurity job or ace an IT security certification exam, check out these online training courses, which cover GDPR, business continuity, ethical hacking, and more.

Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.

The ransomware attack has exposed internal documents from the court and knocked its website offline.

Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.

Placid poems to quiet the infosec pros harried mind. (Or placid, by infosec standards.)

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.

Naked Security Live – here’s the recorded version of our latest video. Enjoy.