Even Charles Darwin couldn't protect his Twitter account from being hijacked after a researcher stole his cookies and passwords by exploiting a reported universal cross-site scripting vulnerability in the Microsoft Edge browser.
A Github user has published an open-source workaround that supposedly circumvents Microsoft's new block on receiving security updates for systems running Windows 7 or 8.1 on a PC powered by a sixth-generation processor.
April 19 may now be known as Oracle Patch Day with the company issuing and record 299 critical security fixes, including several that patch issues that can be exploited by some of the leaked NSA tools.
Microsoft's April Patch Tuesday finally revealed the company's new approach in rolling out and informing the industry on the security updates for the month and at best has received mixed reviews from industry insiders.
A Google Project Zero researcher has detailed a series of vulnerabilities in Broadcom's Wi-Fi chipsets that could potentially allow remote code execution on Android and iOS devices.
Days after releasing the iOS 10.3 patch, Apple has released a new patch, iOS 10.3.1, to correct a code execution flaw that could be exploited via WiFi.
For the second time in two weeks, Google researcher Tavis Ormandy has discovered a critical vulnerability in LastPass.
Apple on Monday released security updates for multiple products, and in the process also reconfigured iOS to address a pop-up issue that scammers were abusing to lock users out of their Safari mobile browsers in an attempt to extort money.
Apple last week updated its iTunes software to version 12.6 for its macOS products as well as Windows devices, in both cases fixing the same 17 vulnerabilities.
Running PHP 2.0.1 turns out to be a bad way to secure network devices against a range of threats including cross-site request forgery attacks.
A researcher has already found an old vulnerability in the Nintendo Switch which could allow remote attackers to execute arbitrary code.
A new vulnerability has been spotted in Apache's Struts open-source project that has been spotted active in the wild allowing remote code execution.
Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's imposed 90-day deadline.
The day after Cisco warned about a flaw in its Smart Install clients the company issued an advisory concerning a vulnerability in its Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA).
Cisco Talos research team has spotted multiple remote code execution vulnerabilities in the Iceni Argus PDF content extraction product.
Cloud security vendor fixes cross-site-scripting bug, downplays the threat, says it would only affect co-workers.
TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities. All vulnerabilities have been patched prior to publication.
Huawei Technologies has released a new software update that patches a privilege escalation vulnerability in its Huawei Themes mobile app that could ultimately result in arbitrary code execution.
A security researcher from Google's Project Zero has revealed a bug in Windows' Graphic Component GDI Library prior to Microsoft issuing a patch, despite Microsoft being warned back in November 2016.
More than 100,000 WordPress web pages have been defaced, following last week's public disclosure of a patched vulnerability that allows attackers to remotely modify the content of pages and posts.
Microsoft Windows users beware of an unpatched memory corruption bug which could be exploited to cause Dos attacks.
WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthorized users to remotely modify a web page's content and change any post.
ESET researchers have offered programmers a few tips for spotting vulnerable code and how to correct them before they make it into your system.
Mozilla issued two security advisories covering Firefox and Firefox ESR that between them contain 33 security patches, five rated as critical.
A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines that visited compromised URLs containing a special string of characters.
Anyone owning an Apple device probably needs to patch it.