New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
New malware is infiltrating bona fide apps, making banking Trojans harder to detect. Fortunately, it can be shut down if it is detected in time.
Malicious script Magecart is still going strong, allowing threat actors to hire U.S. mules to ship fraudulently purchased goods.
A Dutch developer stole e-commerce customers' login credentials using a website backdoor and admin access that former employers had neglected to revoke.
IBM Research — Haifa recently developed a solution that acts like a moving target, randomizing files to safeguard against ROP attacks.
Cybercriminals use code hooking to intercept OS function calls to alter or augment their behavior. The technique is becoming more popular and dangerous.
A new exploit called pastejacking results in victims unwittingly infecting their own machines thanks to malicious code hidden in seemingly normal text.
Cross-site scripting (XSS) attacks exploit Web design tools to sneak malicious scripts onto users' browsers. Preventive measures can minimize the risk.
Fifty percent of the exploits observed by Trusteer and IBM X-Force Research in December 2013 targeted Java vulnerabilities.
Latest security trends—from malware delivery to mobile device risks—based on data and ongoing research from the IBM X-Force Research team on today’s security threat landscape. Wherever you go, attackers will follow as security attacks are...