The Shadow Brokers group that has been leaking alleged NSA hacking tools, is now threatening to launch a "Dump of the Month" service that will deliver more stolen tools and data to paying subscribers.
A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.
Researchers from Cybellum have discovered a 15-year-old code injection vulnerability and exploit technique that could allow attackers to maliciously take over antivirus programs and other software by abusing Microsoft's Windows Application Verifier debugging tool.
Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's imposed 90-day deadline.
Questions continue to swirl surround a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in a recent update to its anti-malware program XProtect.
WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthorized users to remotely modify a web page's content and change any post.
A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines that visited compromised URLs containing a special string of characters.
A hacker claims to have broken into the FBI's website and leaked data onto a Pastebin account, though the agency denies the claim.
Older versions of the code library PHPMailer contain a critical vulnerability that remote attackers can leverage to take over a web server account and compromise a targeted web application via arbitrary code execution.
Russian APT group Sofacy has upped the ante in its campaign to compromise organizations with its "DealersChoice" Flash Player exploit tool, even after Adobe patched a key Flash vulnerability that the tool was observed exploiting.
A new security report casts doubt on Microsoft's attempts to downplay a zero-day exploit used by the Russian APT group.
Microsoft and Adobe released security updates this Patch Tuesday which patched several critical vulnerabilities.
Ten days after privately disclosing an actively exploited, critical Windows vulnerability to Microsoft Corporation, Google's Threat Analysis Group went public with the flaw, despite the lack of a patch.
Microsoft today issued 10 bulletins covering 45 vulnerabilities, including 5 zero days for this month's Patch Tuesday update, the first using the company's new update methodology.