A spyware attack on a Saudi dissident living in Canada made headlines this week, but Citizen Lab warns that simpler attacks are the real epidemic.

More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.

From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Yesterday was one of those times. Bloomberg Businessweek on Thursday published a bombshell investigation alleging that Chinese cyber spies had used a U.S.-based tech firm to secretly embed tiny computer chips into electronic devices purchased and used by almost 30 different companies. There aren't any corroborating accounts of this scoop so far, but it is both fascinating and terrifying to look at why threats to the global technology supply chain can be so difficult to detect, verify and counter.

 D-Link has released the beta version of the controller which addresses the reported vulnerabilities.

Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how hackers operate.

Threatpost editors discuss the highlights and biggest breaking news from this past week.

The latest Building Security in Maturity Model (BSIMM9) report offers a statistically backed, bare-minimum benchmark for software security initiatives.

The business of fake likes and followers turns out to be a sprawling enterprise -- likely tied back to IoT botnet activity.

Technology such as Apple's device trust score that decides "you" is "not you" is a good thing. But only if it works well.

Top infosec trends in the social media spotlight this week.