For the last eight years a critical vulnerability has lurked within the code of the Joomla CMS which could have allowed malicious hackers to steal every user's login credentials - including those belonging to administrators.

Read more in my article on the Hot for Security blog.

Websites are being told that they have until September 30th to pay extortionists $720 worth of Bitcoin, or else suffer a distributed denial-of-service (DDoS) attack.

Read more in my article on the We Live Security blog.

A witch hunt against a long-established major player in the infosecurity space should be something that brings the industry together. It's ghastly to see how McAfee is behaving.

The U.S. Securities and Exchange Commission (SEC) has revealed that attackers might have used data they stole in a security breach for illicit insider trading.

David Bisson reports.

When did you last backup your data? How and what should you backup? And where should you store them?

All is revealed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Vamarzis.

More than three dozen public schools and other educational institutions canceled classes after receiving threats from a "cyber terrorist."

David Bisson reports.

Carelessness is believed to have exposed access credentials and other critical information assets owned by media giant Viacom Inc, leaving them viewable by anyone with an internet connection.

David Bisson reports.

A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users' computers by secretly mining for virtual cash.

Read more in my article on the Hot for Security blog.

New families of trojans continue to prosper on the Android platform as malicious hackers increasingly target mobile users in their attempt to steal login credentials and personal information.

Read more in my article on the Tripwire State of Security blog.

Woah! Calm down media. Equifax *did* go public about the earlier incident, and it was reported in the security press.

Patches should have been in place, but Equifax's music-loving CSO has been unfairly vilified.

The Pirate Bay surprised many of its users when it quietly added a JavaScript-based cryptocurrency miner to its website.

David Bisson reports.

Trusted by millions, distributed by an anti-virus company, CCleaner compromised the security of users with a malicious backdoor.

Credit reporting agency Equifax has revealed more details of just how many people are affected in the UK, as consumers are warned of the risk of phishing attacks.

Read more in my article on the We Live Security blog.

A hacking gang posted 3.12 terabytes of VEVO's internal files online, after it discovered the company was being reckless with its security.

David Bisson reports.

As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website...

Read more in my article on the Tripwire State of Security blog.

A company is offering up to one million dollars in bounties for anyone who finds and reports exploitable zero-day flaws in the Tor Browser.

David Bisson reports.

Equifax's shambolic response to its huge data breach, a scary-sounding Bluetooth exploit, and Apple's iPhone X comes with Face ID.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Javvad Malik.

Researchers have discovered a new attack vector they've named "BlueBorne" that enables bad actors to compromise nearly every connected device via Bluetooth.

David Bisson reports.

Microsoft has once again released a batch of essential security updates for users of its software. What are you waiting for?

Read more in my article on the Hot for Security blog.