Alanna Titterington

This is a tale about how vulnerabilities in apps by intimate-toy maker Lovense exposed users’ identities and allowed for account takeovers — a problem the company ignored for years.

Official gaming websites and platforms may seem safe, but even there gamers occasionally encounter malware. We break down infection cases involving Endgame Gear, Steam, and Minecraft.

WordPress sites are increasingly becoming targets of attacks exploiting vulnerabilities in plugins and themes. In this post, we examine recent cases and share protection tips.

Deepfake videos, fraudulent Instagram and Facebook accounts, private WhatsApp chats: how Mark Zuckerberg’s social media platforms have become a primary tool for investment scammers.

How the research tool Defendnot disables Microsoft Defender by registering a fake antivirus, and why you shouldn’t always trust what your operating system says.

This is a story of how a blockchain developer lost US$500 000 to a fake Solidity extension from the Open VSX marketplace.

Funny hacks that became internet legends: talking traffic lights, a high-school Rickroll, robot vacuums on the rampage, a Lenovo defacement, and a Burger King hijack.

Researchers have found several vulnerabilities in the Sitecore CMS platform that enable unauthenticated remote code execution (RCE).

Since 2016, a threat actor has been exploiting insecure plugins and themes to infect WordPress websites and redirect traffic to malicious websites.

Researchers find 57 potentially dangerous browser extensions in the Chrome Web Store. Here’s why they’re dangerous, and how not to fall victim.

Scammers are using Google ads to push fake versions of real websites – and they’re after business accounts and company data.

Newly discovered vulnerabilities in AirPlay allow attacks on Apple devices and other AirPlay-enabled products over Wi-Fi – including zero-click exploits.

We explore how cybercriminals are targeting IT specialists searching for a popular network scanner, using the Interlock ransomware attack as an example.

A look at how Apple’s new child protection features work, what their limitations are, and why you still can’t do without third-party solutions.

Scammers are exploiting Google services to send fake law enforcement inquiry notifications, making them look like they originate from accounts.google.com.

A security researcher has investigated his own smart mattress cover, discovering several ways to hack it — including through a backdoor preinstalled by the developer.

A vulnerability in Google OAuth allows attackers to access accounts of defunct organizations through abandoned domains.

A year after the ransomware attack on healthcare giant UnitedHealth Group, we’ve compiled all publicly available information about the incident and its aftermath.

The recent leak at major location-data broker, Gravy Analytics, shines a light on the implications of mass location-data collection.

$3 billion worth of damage to healthcare insurance giant, schools closed, soccer club players’ data leaked, and other ransomware incidents in 2024.

We look at the most notable supply-chain attacks of 2024.