Alanna Titterington

The masterminds behind the colossal botnet encompassing 19 million IP addresses used free VPN services as bait to lure unsuspecting users.

A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer — the browser that Microsoft supposedly laid to rest over a year ago.

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.

A new phishing technique uses progressive web apps (PWAs) to mimic browser windows with convincing web addresses to steal passwords.

Our experts have discovered ransomware they’ve dubbed “ShrinkLocker”, which encrypts infected computers’ drives using BitLocker — a utility built into Windows.

We discuss key aspects of WhatsApp’s security and privacy, and how to configure this messenger to enhance protection.

Google has unveiled new privacy and security features coming to Android 15. We take a look at the innovations in the upcoming operating system update.

dormakaba Saflok locks — used on around three million doors across 13,000 hotels — are vulnerable to an attack that involves forging electronic keycards.

Vehicle makers sell the data collected by connected cars about their users’ driving habits to data brokers – who resell it to insurance companies.

Researchers have learned to recognize the positions and poses of people indoors using Wi-Fi signals. To do this, they used ordinary home routers and machine learning.

A credential stuffing attack is one of the most effective ways to take control of accounts. Here’s how it works and what you should do to protect your company.

Every time a browser interacts with an advertising tracker, a program called Googerteller emits a short sound.

Dropbox has shared a report on a data breach in the Dropbox Sign e-signature service. What does this mean for users, and what should they do?

By hijacking domains with CNAME records and exploiting forgotten SPF records, attackers seize domains and use them for their own purposes.

How hackers exploit chatbot features to restore encrypted chats from OpenAI ChatGPT, Microsoft Copilot, and most other AI chatbots.

Commercial spyware — what it is, how it infiltrates devices, what it can do once inside, and how to defend against it.

SIM swap fraud is back in vogue. We explain what it is, the danger it poses to organizations, and how to guard against such attacks.

What’s the easiest way to hack a WPA2-protected wireless network? Using PMKID interception. Here’s how it works, and what you can do to protect yourself.

We explain what a pig butchering scam is: how it works, why it’s dangerous, and how to protect yourself from it.

VoltSchemer attacks on wireless Qi chargers using modified power sources can “fry” smartphones and other devices, as well as issue commands to voice assistants.