Researchers discover ‘first known instance’ of botnet targeting flaw in Apache Struts.

New app requirements put the onus on developers, but long and legalese-filled privacy policies often leave users none the wiser.

Innovative host header attack bags $7,560 bounty.

Top infosec trends in the media spotlight this week.

Privilege escalation bug becomes a case study in exploit integration and threat detection.

And Microsoft is offering enterprises dedicated app compatibility support.

A 19-year-old man from the United Kingdom who headed a cybercriminal group whose motto was "Feds Can't Touch Us" pleaded guilty this week to making bomb threats against thousands of schools.

On Aug. 31, officers with the U.K.'s National Crime Agency (NCA) arrested Hertfordshire resident George Duke-Cohan, who admitted making bomb threats to thousands of schools and a United Airlines flight traveling from the U.K. to San Francisco last month.

New report claims pen testers carried out banking attacks.

Popular file-sharing site Mega.nz is warning users that cybercriminals hacked its browser extension for Google Chrome so that any usernames and passwords submitted through the browser were copied and forwarded to a rogue server in Ukraine. This attack serves as a fresh reminder that legitimate browser extensions can and periodically do fall into the wrong hands, and that it makes good security sense to limit your exposure to such attacks by getting rid of extensions that are no longer useful or actively maintained by developers.

Request encryption, get script injection.