Our investigation shows how repressive regimes can buy and use the kind of spying tools Edward Snowden warned us about. Billions of people are inseparable from their phones. Their devices are within reach – and earshot – for almost every daily experience, from the most mundane to the most intimate.

It is the name for perhaps the most powerful piece of spyware ever developed – certainly by a private company. Once it has wormed its way on to your phone, without you noticing, it can turn it into a 24-hour surveillance device. It can copy messages you send or receive, harvest your photos and record your calls. It might secretly film you through your phone’s camera, or activate the microphone to record your conversations. It can potentially pinpoint where you are, where you’ve been, and who you’ve met.

Banks' growing reliance on cloud computing could pose a risk to financial stability and will require stricter oversight, according to top executives from the UK's central bank.

As a slew of disruptive ransomware attacks have rattled the U.S., here’s what you should know as debate over cybersecurity and how to fight ransomware continues.

The computer code behind the massive ransomware attack by the Russian-speaking hacking ring REvil was written so that the malware avoids systems that primarily use Russian or related languages, according to a new report by a cybersecurity firm. It's long been known that some malicious software includes this feature, but the report by Trustwave SpiderLabs, obtained exclusively by NBC News, appears to be the first to publicly identify it as an element of the latest attack, which is believed to be the largest ransomware campaign ever.

If you’ve been using Kaspersky Password Manager (KPM) on your iPhone for a while, you may need to generate some new passwords. A security researcher has discovered two flaws that could result in an attacker having to try as few as 100 passwords to find yours …

The single biggest global ransomware attack yet continued to bite Monday as details emerged on how the Russia-linked gang responsible breached the company whose software was the conduit. In essence, the criminals used a tool that helps protect against malware to spread it widely.

A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident. The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs.

A successful ransomware attack on a single company has spread to at least 200 organizations, according to cybersecurity firm Huntress Labs, making it one of the single largest criminal ransomware sprees in history.

Amazon’s cloud-computing business has acquired Wickr, an encrypted messaging platform used by government agencies and enterprises, the company announced Friday. Terms of the deal weren’t disclosed.

Western Digital has alerted customers to a critical bug on its My Book Live storage drives, warning them to disconnect the devices from the internet to protect the units from being remotely wiped.

It's hard to make people care about cybersecurity. A Japanese company, however, has a suggestion.

Virtually no mandatory cybersecurity rules govern the millions of food and agriculture businesses that account for about a fifth of the U.S. economy. And now, the risk has become real.

CSIRO chief executive Dr Larry Marshall has explained why the agency sensationally dumped the team behind the seL4 microkernel, saying he did not believe it was feasible to spin out the research in Australia and that it didn’t fit with the agency’s new focus on AI. The Trustworthy Systems team, which developed the extremely hard-to-hack microkernel in use around the world and who are regarded as world-leading in the field, sits within CSIRO’s digital arm Data61 but was dropped by the agency last month. They quickly received interest from a number of potential overseas buyers, before receiving a funding lifeline from the University of...

The US Department of Justice (DOJ) announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization. Alla Witte (aka Max) was charged with 19 counts of a 47-count indictment after being arrested on February 6 in Miami, Florida.

The hack against JBS is renewing calls for stronger cybersecurity requirements for critical companies.

Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said. The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that run on iOS. When the vulnerability was fixed almost three weeks ago by open source developers outside of Apple, the fix's release notes said that the bug caused Safari to crash. A researcher from security firm Theori said the flaw is exploitable, and despite the availability of a fix, the bug is still present in iOS and macOS.

On Feb. 5, an unidentified hacker broke into the computer system of a treatment plant in the Florida town of Oldsmar and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, according to local officials. It turns out that hacker wasn’t alone on the network.

Cloudflare, which you may know as a provider of DNS services or the company telling you why the website you clicked on won’t load, wants to replace the “madness” of CAPTCHAs across the web with an entirely new system.

On the day Apple was set to announce a slew of new products at its Spring Loaded event, a leak appeared from an unexpected quarter. The notorious ransomware gang REvil said they had stolen data and schematics from Apple supplier Quanta Computer about unreleased products, and that they would sell the data to the highest bidder if they didn’t get a $50 million payment. As proof, they released a cache of documents about upcoming, unreleased MacBook Pros. They've since added iMac schematics to the pile.