Even so, backdoors and droppers are rare in the wild.
Several vulnerabilities can be chained together for a full exploit.
Facebook has fixed a privacy issue that gave developers access to user data long after the 90-day "expiration" date.
New ‘smishing’ campaigns from the Roaming Mantis threat group infect Android users with the FakeSpy infostealer.
A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches.
The malware is using DNS tunneling to exfiltrate payment-card data.
Mac expert Thomas Reed discusses how EvilQuest is ushering in a new class of Mac malware.
Four Android spyware tools have been used in a widespread APT campaign to spy on the Uyghur ethnic minority group - since 2013.
Almost 90% of email attacks manipulate sender identity to fool recipients and initiate social engineering attacks.
The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.
Verizon Media has paid nearly $10 million to ethical hackers via HackerOne's platform.
A rare, new Mac ransomware has been discovered spreading via pirated software packages.
The spy malware is being delivered via a complex infrastructure with multiple layers, in an effort to avoid analysis.
UCSF has paid more than $1 million after a ransomware attack encrypted data related to "important" academic research on several servers.
An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.
More employees working remotely most likely means an increased reliance on cloud services and applications.
An anonymous bidding mechanism enhances the REvil group's double-extortion game.
Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.
Comparitech’s Paul Bischoff found that Amazon’s facial recognition platform misidentified an alarming number of people, and was racially biased.
The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.