Their complexity makes them a security hazard; their ubiquity makes replacement nigh impossible.

mSpy, the makers of a software-as-a-service product that claims to help more than a million paying customers spy on the mobile devices of their kids and partners, has leaked millions of sensitive records online, including passwords, call logs, text messages, contacts, notes and location data secretly collected from phones running the stealthy spyware.

Less than a week ago, security researcher Nitish Shah directed KrebsOnSecurity to an open database on the Web that allowed anyone to query up-to-the-minute mSpy records for both customer transactions at mSpy's site and for mobile phone data collected by mSpy's software. The database required no authentication.

The world’s major tech companies have similar policies in handling our online accounts, even under threat of law or after our death.

Search giant working on verification program for legitimate providers.

2,500 like-minded people descend on South West England to ‘hack the planet’.

A 20-year-old from Vancouver, Washington was indicted last week on federal hacking charges and for allegedly operating the "Satori" botnet, a malware strain unleashed last year that infected hundreds of thousands of wireless routers and other "Internet of Things" (IoT) devices. This outcome is hardly surprising given that the accused's alleged alter ego has been relentless in seeking media attention for this global crime machine.

Flaw allows a local user to obtain System privileges.

One Romanian campus computer lab both pentested the world and eventually helped protect it.

Flash will have to be enabled every time a site tries to use it.

Speculative execution attacks truly are the gift that keeps on giving.