A former NSA contractor was sentenced to 9 years in prison after pleading guilty earlier this year to removing classified information from the spy agency, in what is widely viewed as one of the largest thefts of U.S. secrets in history.

This article is about how I found a vulnerability on Instagram that allowed me to hack any Instagram account without consent permission. Facebook and Instagram security team fixed the issue and rewarded me $30000 as a part of their bounty program.

Apple informed us that it has sent out a silent security update to Macs to remove software that was automatically installed by RingCentral and Zhumu. These video conferencing apps both used technology from Zoom — they’re essentially white labels — and thus they also had Zoom’s security flaws. Specifically, they installed secondary pieces of software that could take commands from websites to open up your webcam in a video conference without your intervention.

Israeli mobile device forensics company Cellebrite proclaimed on Friday that it can break into any iOS device, including those running iOS 12.3.

So you've gotten your first infosec job—congratulations! Here's what to expect in terms of paying your dues. @Enterprisenxt

Every week I have at least one conversation with a security decision maker explaining why a lot of the hyperbole about passwords – “never use a password that has ever been seen in a breach,” “use really long passwords”, “passphrases-will-save-us”, and so on – is inconsistent with our research

Ransomware attacks, which see which see individuals and organisations locked out of their data unless they pay up, are on the rise and raking in huge profits

The flaw, it seems, was that anybody could reset anybody else's password to 7pay, the 7-Eleven Japan mobile payments app.

For consumers with smartphones, it’s not uncommon to receive emergency alert notifications for bad weather or other similar concerns.

It infected 10 million computers. So why did cybergeddon never arrive?

Check Point Research and CyberInt have identified a chain of vulnerabilities in the Origin gaming client developed by Electronic Arts (EA). Once exploited, the vulnerabilities would have led to player account takeover and identity theft. EA is the world’s second-largest gaming company and boasts household gaming titles such as FIFA, Madden NFL, NBA Live, UFC, The Sims, Battlefield, Command and Conquer and Medal of Honor in its portfolio.

The U.S. National Aeronautics and Space Administration (NASA) this week confirmed that its Jet Propulsion Laboratory (JPL) has been hacked. An audit document from the U.S. Office of the Inspector General was published by NASA this week. It reveals that an unauthorized Raspberry Pi computer connected to the JPL servers was targeted by hackers, who then moved laterally further into the NASA network. How much further? Well, the hackers apparently got as far as the Deep Space Network (DSN) array of radio telescopes and numerous other JPL systems.

The information of 2.9 million Caisse Desjardins members, including 173,000 businesses, has been shared with people outside the organization because of a data breach by an employee, the Quebec-based co-operative said Thursday.

In a strangely public product announcement, the phone-cracking firm revealed a powerful new device.

Next year’s US elections will be no more secure than in 2016. That’s the depressing conclusion from reports out this week.

Extent of the hack is unknown, but Flipboard said hackers had access to its systems for almost nine months.

Time to get serious about security-focused code reviews. And mandate 2FA already.

The sensitive data of almost 50 million Instagram “influencers” has been leaked and is at risk, thanks to yet another unsecured AWS instance.

Layered security only works if the layers are, y'know, secure.

Many private Git repositories are at risk of being leaked to the public. Anonymous hackers have wiped victims’ code and are demanding Bitcoin. Or else? Or else they’ll open-source it for you. And then everyone will be able to see your soopah-sekrit sores, bruh. But how? The way they broke in is making many scratch their head: It seems people had been publishing their GitHub, GitLab or BitBucket credentials on the web.