Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.
The 2017 number brings the total payout for the six-year program to $6.3 million.
Researchers released a whitepaper outlining 147 vulnerabilities in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems.
Academic researchers have reported vulnerabilities in the group communication protocols of three encrypted messaging apps -- WhatsApp, Signal, and Threema -- that could allow attackers to willfully subvert their integrity and confidentiality.
The popular Bitcoin client Electrum has developed a patch for a critical vulnerability that allows malicious websites to steal from digital wallets that are not password-protected.
Intel CEO Brian Krzanich's sale of Intel stock in November before security flaws in the chip became public is raising some eyebrows among regulatory and legal officials.
A slew of online services used to manage GPS- and GSM-based location tracking devices have been found vulnerable to flaws that could allow attackers to hijack these devices and reveal their owners' past and current locations.
VMware issued patches on Wednesday for a trio of critical vulnerabilities in its vSphere Data Protection disk-based backup and recovery solution.
Mozilla issued a series of security updates for Thunderbird 52.5.2 that includes a critically rated buffer overflow issue that could lead to a crash if exploited.
Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, this time using the bug to deliver a modified version of Loki information-stealing malware.
VMware on Tuesday patched a series of vulnerabilities in its ESXi, Workstation Pro, and Fusion hypervisors, as well as its vCenter Server Appliance.
Attackers have exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.
A top Google Play app was found to be leaking sensitive data and to contain several OWASP flaws.
Apple released security updates for its cellphones, set-top box and Windows iCloud platform shortly after rolling out another patch for the KRACK exploits.
Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.
Microsoft's December Patch Tuesday release contained 34 vulnerabilities with 22 of these being rated critical and affecting the company's browser products.
A vulnerability found in two keyless entry door locks enables local attackers to lock and unlock doors.
HP said an attacker would need administrative privileges in order to take advantage of the vulnerability.
Researchers believe a suspected Iranian APT group is responsible for a recent cyber espionage operation that targeted a Middle Eastern government organization, using a recently patched remote code execution vulnerability in Microsoft Office as an attack vector.
The vulnerability impacts numerous Microsoft security offerings, including multiple versions of Microsoft Exchange, ForcePoint End Point Protector and Defender.
The Mozilla Foundation has fixed two security issues, one rated critical, in Firefox 57.0.2 and Firefox ESR 52.5.2.
Uber reportedly funneled payment through the program - intended to encourage security researchers to find and disclose vulnerabilities - which is hosted by HackerOne.
Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84.
Eight banking apps and one virtual private app were found to contain a hidden vulnerability in their TLS protections, which can be exploited to perform MITM attacks, according to academic researchers who created a new black-box tool capable of detecting the flaw.
The spoofed emails are "virtually unstoppable," said the researcher who discovered the MailSploit vulnerabilities.