In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but…

Password managers are a good way to keep your passwords unique, strong and safe. Tom Merritt gives us five tips on how to use them correctly.

Tom Merritt gives tips for staying safe with password managers.

A rundown of leading web browsers’ privacy and security features – both in place and in the pipeline

A campaign is stealing one-time password tokens to gain access to PayPal, Apple Pay and Google Pay, among others.

US truck manufacturer breaks bad news to employees and retired workers

More than 200 applications on the Google Play store have, until recently, allowed cybercriminals to deliver malicious Web content to victims' phones, likely garnering tens of millions of dollars.

As Adam Selipsky takes the helm at Amazon Web Services, security must be one of the first things he addresses. Here are three initiatives that should take priority.

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Newly discovered code resembles the Kazuar backdoor and the Sunshuttle second-stage malware distributed by Nobelium in the SolarWinds supply-chain attacks.

HTTP request smuggling is a growing vulnerability, but you can manage the risk with proper server configuration.

NTT Application Security's Modern AppSec Framework takes a DAST-first approach to defend applications where breaches happen — in production.

The Conti ransomware gang has developed novel tactics to demolish backups, especially the Veeam recovery software.

Less than a third of the people surveyed by NordPass follow best practices when devising a password.

Ilya Sachkov, founder and CEO of the massive cybersecurity firm, was arrested on treason charges and will be in custody for two months.