The Feds have warned on six vulnerabilities in GE medical equipment that could affect patient monitor alarms and more.

The critical flaw exists in Cisco's administrative management tool, used with network security solutions like firewalls.

Citrix has issued the first of several updates fixing a critical vulnerability in various versions of its Citrix Application Delivery Controller (ADC) and Citrix Gateway products.

CVE-2020-0674 is a critical flaw for most Internet Explorer versions, allowing remote code execution and complete takeover.

Weak challenge questions by customer service reps make it easy for fraudsters to hijack a phone line and bypass 2FA to breach accounts.

Are publicly released proof-of-concept exploits more helpful for system defenders — or bad actors?

Are publicly-released PoC exploits good or bad? Why is the Joker malware giving Google a headache? The Threatpost team discusses all this and more in this week's news wrap.

The flaws affect a key tool for managing its network platform and switches.

Two proof-of-concept exploits were publicly released for the major Microsoft crypto-spoofing vulnerability.

Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.

A new, comprehensive code will compel online services to put children's health and safety before data-collecting profits.

Is there some good news hidden in the story of the CVE-2020-0601 crypto vulnerability?

Digital forensic evidence points to the phone's massive, months-long data egress having likely been triggered by Pegasus mobile spyware.

Sources told Reuters that Apple may have been convinced by arguments made during the legal fight over cracking the San Bernardino iPhone.

Stopping software updates for legacy kit is nothing new, but it's the way the company has done it that has Sonos customers' hackles up.

What’s the difference between a real job and a fake one found on the internet? The fake ones are suspiciously easy to get interviews for.

Microsoft has today announced a data breach that affected one of its customer databases.

The network of sites and services run by the alleged operators target the Rainbow Six Siege game, selling attacks to cheating players.

How do you ensure you're compliant with privacy regulations? NIST has released a Privacy Framework to help you get your house in order.

Another company has ended up accidentally spilling sensitive data from business collaboration tool Trello.