Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain.

He and co-conspirators stole 50 gigs of music and leaked some of it onto the internet.

Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.

This new skimming/phishing hybrid threat tactic means that even stores that send customers to external payment processors are vulnerable.

Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.

An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.

Major information disclosure and eavesdropping slipup now fixed

Convincing employees to take security seriously takes more than awareness campaigns.

Naked Security is looking for a content marketing intern to join the team for 12 months in 2020.

On Nov. 23, one of the cybercrime underground's largest bazaars for buying and selling stolen payment card data announced the immediate availability of some four million freshly-hacked debit and credit cards. KrebsOnSecurity has learned this latest batch of cards was siphoned from four different compromised restaurant chains that are most prevalent across the midwest and eastern United States.