Microsoft has topped a list of biggest US spammers for five out of the past 15 months, and for some of those months it ranked No. 1 in the world, according to a University of Texas study to flag the worst offenders in an effort to get them to improve their security.

Microsoft may or may not have the ability to tap Skype phone calls, but the company just won't say, and it's not clear why.

An industry consortium dedicated to assuring the security of software has issued guidelines to lower the risk that vulnerabilities that could be exploited by attackers will wind up in finished code.

Starting next month, updated Windows operating systems will reject encryption keys smaller than 1024 bits, which could cause problems for customer applications accessing Web sites and email platforms that use the keys.

When Patch Tuesday rolls around next week, Microsoft will address three critical security issues using an improved version of Windows Update that closes a loophole exploited by Flame malware.

Microsoft has put faces and names to two of 39 "John Doe" defendants accused of running Zeus botnets responsible for scamming hundreds of millions of dollars from banks internationally.

The red-headed Russian whose spy ring made tech blunder after tech blunder on its way to being summarily deported from the U.S. is now prowling the catwalk at fashion shows.

Back when the Microsoft Update piece of the Flame espionage-software package was still undetected it could have sold for $1 million on the malware black market, a security researcher says.

Next week's Patch Tuesday will feature a fix for a vulnerability in Internet Explorer that came to light at the celebrated Pwn2Own hacking competition held earlier this year at CanSecWest.

A group of HTC Android phones is susceptible to an exploit that can steal Wi-Fi credentials and passwords and send them to attackers.

Windows 8 includes a reset function that restores the operating system to a clean state and scrubs data applications from the disk, but falls short of making that data unrecoverable, according to Microsoft.

Password use needs an overhaul that is driven not by guesswork but by actually understanding the real damage that can be done when password security is compromised, according to a Microsoft researcher.

Check Point and Amazon Web Services are teaming up to enable Check Point Security Gateway functionality to boost cloud security for business assets.

The Windows 8 feature that logs users in if they touch certain points in a photo in the right order might be fun, but it's not very good security, according to the inventor of RSA's SecurID token.

All new malware being written for mobile devices targets Android, according to a McAfee report on malware trends in Q3 2011.