Two researchers wrote about the Instagram app for iOS and Android is vulnerable to session hijacking because both send unsecured information through HTTP.
In a study, HP Fortify tested 10 popular Internet of Things (IoT) devices, including TVs, webcams and device control hubs.
Researchers with Bluebox, who uncovered the vulnerability, dubbed it "Fake ID" because it enables the identity of trusted applications to be copied.
Attackers are taking advantage of a vulnerability in the popular MailPoet plugin, which has nearly two million users, to compromise thousands of WordPress sites.
Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.
Researchers at Symantec say attackers are becoming more aggressive and using Facebook scams to exploit users' computers.
In total, Firefox 31 brings 11 patches for several flaws affecting the web browser.
The Wall Street Journal confirmed on Tuesday that an outside party exploited a vulnerability and hacked into its new graphics systems.
The vulnerabilities can be exploited remotely, and fairly easily, by an attacker to hijack sessions and crash the web server of the product.
The SyScan +360 conference offered a $10,000 prize to anyone who uncovered vulnerabilities in Tesla's Model S car, which the automaker vowed to fix.
A Secunia quarterly report found Microsoft XML Core Services 4 to be the "most exposed" of widely used programs.
An RCE vulnerability existing in several Cisco Wireless Residential Gateway products can be exploited to serve up fraudulent advertisements and deliver malware.
The most critical flaws were in Java and Oracle Database Server.
Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.
Microsoft blames a "well known" design limitation in Active Directory's authentication protocol, but researchers who discovered the exploit beg to differ.
Apple published a security notice saying that older versions of Adobe Flash contain vulnerabilities that can be exploited by Rosetta Flash.
A cross-site scripting flaw impacting a Kaspersky website was quickly addressed by the security software company.
Emails and user credentials can be stolen in a man-in-the-middle attack because the Gmail iOS app does not perform certificate pinning.
A cross-site scripting vulnerability identified on the Kaspersky website could enable an attacker to steal a variety of data.
In its monthly Patch Tuesday update, Microsoft plugged a slew of critical bugs in Internet Explorer that could allow remote code execution.
HotelStayUK shut down its HotelHippo booking site for good amidst assurances that other sites in the group are unaffected by security woes.
Remote code execution (RCE) flaws in Windows and IE will receive top priority this month.
Frustrated by the NSA dragging its heels on a FOIA request, the EFF takes the NSA to court to secure records on vulnerabilities disclosure criteria.
A HotelHippo customer who happens to be a security consultant found multiple security flaws when he tried to book accommodations.
Dubbed Security Monkey, the latest tool is now available on the company's GitHub site for developers that utilize Amazon Web Services.
Apple addressed various vulnerabilities in Mavericks, Safari, iOS and Apple TV, several of which can enable arbitrary code execution.
The serious buffer overflow vulnerability affects Android 4.3, or devices running Jelly Bean.
Beyond a reasonable doubt is that using a defense in depth strategy makes it substantially more difficult for cyber criminals to obtain sensitive information.
AskMen.com changes its original statement and reveals that roughly 0.1 percent of its readers were exposed to malware.
The WebShot feature of TimThumb, an image resizing utility commonly used on blogging platform WordPress, is affected by a remote code execution vulnerability.