Running PHP 2.0.1 turns out to be a bad way to secure network devices against a range of threats including cross-site request forgery attacks.
A researcher has already found an old vulnerability in the Nintendo Switch which could allow remote attackers to execute arbitrary code.
A new remote code execution vulnerability has been spotted in Apache's Struts open-source project and is being actively exploited in the wild.
Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's imposed 90-day deadline.
The day after Cisco warned about a flaw in its Smart Install clients, the company issued an advisory concerning a vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA).
Cisco Talos research team has spotted multiple remote code execution vulnerabilities in the Iceni Argus PDF content extraction product.
Cloud security vendor fixes cross-site-scripting bug, downplays the threat, says it would only affect co-workers.
TeamSIK has published a security assessment of nine popular password management applications on Android devices and found them all to contain security vulnerabilities. All vulnerabilities have been patched prior to publication.
Huawei Technologies has released a new software update that patches a privilege escalation vulnerability in its Huawei Themes mobile app that could ultimately result in arbitrary code execution.
A security researcher from Google's Project Zero has revealed a bug in Windows' Graphic Component GDI Library prior to Microsoft issuing a patch, despite Microsoft being warned back in November 2016.
More than 100,000 WordPress web pages have been defaced, following last week's public disclosure of a patched vulnerability that allows attackers to remotely modify the content of pages and posts.
Microsoft Windows users should beware of an unpatched memory corruption bug that could be exploited to cause DoS attacks.
WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthorized users to remotely modify a web page's content and change any post.
ESET researchers have offered programmers a few tips for spotting vulnerable code and correcting it before it makes it into your system.
Mozilla issued two security advisories covering Firefox and Firefox ESR that between them contain 33 security patches, five rated as critical.
A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines that visited compromised URLs containing a special string of characters.
Anyone owning an Apple device probably needs to patch it.
Microsoft's first Patch Tuesday for the year proved lighter than usual with the company rolling out four security bulletins today that cover just four potential exploits, two of which are rated critical.
Adobe's first Patch Tuesday of 2017 features 42 critical security fixes for its Flash Player and other products.
If left unaddressed, a recently patched Android vulnerability affecting Nexus 6 and Nexus 6P phablets can allow attackers to invade device owners' privacy and steal their information, according to an analysis report by IBM security researchers.
A number of fixes were issued on Wednesday for security vulnerabilities in Thunderbird 45.6.
Security researchers found three zero-day vulnerabilities in PHP 7, all of which could prove extremely dangerous to any site using the web programming language.
Older versions of the code library PHPMailer contain a critical vulnerability that remote attackers can leverage to take over a web server account and compromise a targeted web application via arbitrary code execution.
Joomla patched a vulnerability (CVE-2016-9838) which, if exploited, could allow an attacker to reset login credentials and take over sites.
Netgear released firmware updates for several router models to patch a publicly known critical vulnerability.
Adobe rounded out 2016 the same way it rang in 2015, by issuing a slew of patches, including one fixing a zero-day that is currently in the wild and impacting Flash Player.
Microsoft's last Patch Tuesday of 2016 featured six critical updates, 12 overall, covering 34 flaws all of which, if exploited, could lead to remote code execution.
RIPS Technologies researchers spotted a command execution vulnerability in Roundcube open source webmail software.
Google on Thursday announced an update to its desktop version of Chrome, including security fixes of 36 vulnerabilities, 15 of which were designated high severity.