Log inOpen app
Threatpost
22.7K posts
user avatar
Threatpost
@threatpost
Threatpost is the first stop for fast-breaking security news, conversations and analysis from around the world.
threatpost.com
Joined January 2009
5,744
Following
207.7K
Followers
user avatar
@threatpost

See Threatpost’s full profile

Open X

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • user avatar
    Threatpost
    @threatpost
    Jul 12, 2019
    #Google is under fire after a report found that Google Home and Google Assistant records user audio, even when no wake-up word is used. threatpost.com/google-home-re…
    42
    248
    301
  • user avatar
    Threatpost
    @threatpost
    Apr 2, 2019
    A white hat hacker reverse engineered 30 mobile financial applications and found sensitive #data buried in the underlying #code of nearly all apps examined. threatpost.com/financial-apps…
    3
    140
    180
  • user avatar
    Threatpost
    @threatpost
    Apr 3, 2019
    Breaking: Hundreds of millions of #Facebook records – including account names and plaintext #passwords – have been found in two separate publicly-exposed app datasets, researchers at @UpGuard found.
    threatpost.com
    Facebook Data, Passwords Exposed Again in Leaky Datasets
    Researchers say that two publicly exposed dataset are leaking Facebook data- from user names to plaintext passwords.
    7
    211
    154
  • user avatar
    Threatpost
    @threatpost
    Jun 19, 2019
    #Mozilla released an emergency patch for a critical #Firefox flaw that is being actively exploited in targeted attacks.
    threatpost.com
    Mozilla Releases Emergency Patch for Firefox Zero Day
    Mozilla is urging users to update to Firefox 67.0.3 and Firefox ESR 60.7.1 after discovering a critical flaw under active attack.
    4
    173
    161
  • user avatar
    Threatpost
    @threatpost
    Jul 7, 2020
    #Citrix warned of multiple #security flaws that could allow code injection and data theft - including four that are exploitable by unauthenticated, remote attackers.
    threatpost.com
    Citrix Bugs Allow Unauthenticated Code Injection, Data Theft
    Admins should patch their Citrix ADC and Gateway installs immediately.
    3
    107
    135
  • user avatar
    Threatpost
    @threatpost
    Sep 12, 2017
    In in lieu of a patch... “I advise to IMMEDIATELY DISCONNECT vulnerable routers from the Internet.” bit.ly/2jhkqY6
    35
    97
  • user avatar
    Threatpost
    @threatpost
    Feb 20, 2019
    Secure password firms (1Password, Dashlane, KeePass and LastPass) are blasting a #security report highlighting how the utilities can be cracked open to steal #passwords.
    threatpost.com
    Password Manager Firms Blast Back at ‘Leaky Password’ Revelations
    1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.
    7
    112
    119
  • user avatar
    Threatpost
    @threatpost
    Sep 12, 2020
    This Office 365 #phishing attack leverages real-time Active Directory validation of credentials. #Office365
    threatpost.com
    Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
    Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
    82
    107
  • user avatar
    Threatpost
    @threatpost
    May 2, 2020
    Two separate attacks have targeted as many as 50,000 different #Teams users, with the goal of phishing #Microsoft Office 365 logins. threatpost.com/microsoft-team…
    1
    110
    105
  • user avatar
    Threatpost
    @threatpost
    Jul 10, 2019
    The latest #iOS and Android versions of the FinSpy #malware have been deployed in the wild. The espionage tool can eavesdrop on Signal, Telegram and WhatsApp messages and calls.
    threatpost.com
    Latest FinSpy Modules Lift Data from Secure Messaging Apps
    The espionage tool is capable of eavesdropping on calls and messages sent via Signal, Telegram, WhatsApp and more.
    2
    62
    70
  • user avatar
    Threatpost
    @threatpost
    Jul 8, 2020
    15 billion usernames and #passwords are currently for sale on underground forums - over three times the number available two years ago. (via @digitalshadows)
    threatpost.com
    15 Billion Credentials Currently Up for Grabs on Hacker Forums
    Unprecedented amounts of data for accessing bank accounts and streaming services are being flogged on the dark web.
    1
    92
    94
  • user avatar
    Threatpost
    @threatpost
    Mar 19, 2019
    Researchers have released a proof-of-concept showing how a XXE #security vulnerability can be exploited to attack #Ghidra project users.
    threatpost.com
    NSA’s Ghidra Reverse-Engineering Tool Can Be Used for RCE
    Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users.
    2
    73
    98
  • user avatar
    Threatpost
    @threatpost
    Nov 16, 2018
    A strange glitch in #Gmail can be exploited to place emails into a person’s “Sent” folder — even if that person never sent them.
    threatpost.com
    Gmail Glitch Offers Stealthy Trick for Phishing Attacks
    The issue comes from how Gmail automatically files messages into the "Sent" folder.
    1
    87
    88
  • user avatar
    Threatpost
    @threatpost
    Aug 7, 2020
    A ‘zero-click’ #MacOS exploit chain using #Microsoft Office macros was revealed at Black Hat. threatpost.com/black-hat-zero…
    2
    85
    87