Several vulnerabilities can be chained together for a full exploit.

A high-severity flaw allows remote, unauthenticated attackers to potentially gain administrative privileges for Cisco small business switches.

The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.

Verizon Media has paid nearly $10 million to ethical hackers via HackerOne's platform.

An authentication-bypass vulnerability allows attackers to access network assets without credentials when SAML is enabled on certain firewalls and enterprise VPNs.

Adobe and payment-card companies are making last-minute pleas for e-commerce sites to update to Magento 2, to avoid Magecart attacks and more.

The Homeplug device, from Tenda, suffers from web server bugs as well as a DoS flaw.

The botnet can be used to mount different kinds of attacks, including code-execution and DDoS.

A first-stage malware loader spotted in active campaigns has added additional exploits and a new backdoor capability.

Several high-severity flaws in Nvidia's GPU display drivers for Windows users could lead to code-execution, DoS and more.

At the risk of giving you a feeling of déjà vu all over again, it's time to talk about Facebook hoaxes once more.

They're not surveillance spectacles, says Google, just a piece in the jigsaw of "ambient computing", where helpfulness is all around you.

Still thinking "the crooks probably won't find me if I make a security blunder"?

Databases can be had for as little as $100, on up to $1,100. Most, if not all, are being sold by the hacking group Shiny Hunters.

Booby-trapped images could be used to attack Windows 10 and Windows Server 2019 – update now!

No US entity charges citizens for registering to vote, but plenty of Google ads were happy to do so – and to grab your PII in the process.

TLS 1.0 and TLS 1.1 are now considered security risks and blocked by default.

Is it fair to expect everyone to renew all their web certificates every year? Apple says yes, and now Google does too.

TikTok, for one, promised to knock this off months ago but was caught red-handed, still at it, by the new clipboard notification in iOS 14.

If you run a website or a blog, watch out for emails promising "DNSSEC upgrades" – these scammers are after your whole site.