Wake-on-LAN and ARP pinging have expanded Ryuk's reach into corporate LANs — and its operators' monetization abilities.

Sumo Logic plans to integrate JASK's autonomous security operations center software into a new intelligence tool.

Crashing honeypots alerted the researcher who found the Bluekeep vulnerability.

Know any Apple developers? Make sure they’re signed up to Apple’s security advisories, and getting their developer updates.

Smart voice assistants can be hijacked by attackers using lasers to send them remote, inaudible commands.

Stealing payment-card data and PII from e-commerce sites has become so lucrative that some are being targeted by multiple groups at the same time.

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading

Excel's handling of an old macro format gives unauthenticated remote attackers a way to take control of vulnerable systems, Carnegie Mellon's CERT/CC says.

A friend heard a couple arguing but couldn’t make out what it was about. Police hope that Alexa might have a better idea.

Incident that exposed emails to a PayPal scam once again highlights the persistent nature of third-party security risk.

“Here’s our new bank account number,” the scammers said. When the real construction firm sent their invoice, payment was made to the crooks.

Google has patched an Android bug that could have allowed attackers to use NFC to send over a malicious file to the victim’s phone

Web development is at much more risk than commonly perceived. As attackers eye the enterprise, third-party code provides an easy way in.

Cybercriminals are leveraging political names and figures for social engineering as the elections loom.

In 2019, 23 city governments in Texas experienced a coordinated ransomware attack. Tom Merritt explains how they defended themselves and ways you can protect your own business.