An ongoing malvertising campaign is exploiting WordPress plugin vulnerabilities to redirect website visitors to malicious pages.

Security experts say the attack stemmed from weak cybersecurity controls.

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.

Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'

Meanwhile, criminals waged more encrypted, ransomware, and IoT attacks.

A hole in the supposed closed-loop messaging system allowed children to join group chats with people their parents hadn’t approved.

Apple released fixes for various products this week, including one for a bug that has been public with proof-of-concept code for two months.

Virtual private networking is poised to become more automated and intelligent, especially as endpoints associated with cloud services and the IoT need protection.

Do you travel to dangerous places, like Information Security Conferences?

The 787 Dreamliner, WhatsApp, and Windows 10 are all subjects of cutting-edge Reverse Engineering talks at this year's August event.

In the second of a two part series discussing recent ransomware attacks against municipalities, Shawn Taylor with Forescout talks about how cities can protect themselves.

Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.

An inside look at staffing levels, budget allocation, outsourcing habits, and the metrics used by security operations centers (SOCs).

Make sure you're only pulling down signed Docker images with Content Trust enabled.

Make sure you're only pulling down signed Docker images with Content Trust enabled.

Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 US presidential election.

DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.

Researchers have linked the surveillance tool to a Russian tech firm that has been sanctioned for interfering with the 2016 U.S. presidential election.

As IIoT (Industrial IoT) systems continue to interact with enterprise systems and business processes, a new guide offers a set of best practices to securing them.