Ryan Naraine

February 5, 2010, 4:21PM Threatpost Original

Oracle Ships Critical Out-of-Band Security Patch

Oracle has released an out-of-band patch to fix a gaping security hole in the Oracle WebLogic Node Manager, warning that an attacker could launch remote attacks over a network without the need for a username and password.

February 5, 2010, 11:27AM Threatpost Original

Mozilla Admits Malware Sneaked into Firefox Add-ons

Mozilla says a pair of malicious Firefox add-ons slipped by its security checks and infected approximately 4,600 Windows computers over the last five months.

The browser add-ons, described by Mozilla as "experimental," contained a Trojan horse that executed when Firefox started and infected the host computer.

February 4, 2010, 1:54PM Threatpost Original

Microsoft to Patch 26 Windows, Office Vulnerabilities

Microsoft's February batch of security patches will be a biggie -- 13 bulletins with fixes for a whopping 26 vulnerabilities.

According to an advance notice from the Redmond, Wash. software vendor, five of the 13 bulletins will be rated "critical" because of the risk of remote code execution attacks.

February 3, 2010, 5:21PM Threatpost Original

Microsoft Confirms New IE Data Leakage Flaw

Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location.

The vulnerability was first discussed at this week's Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser's Protected Mode feature.

February 3, 2010, 9:47AM

Oracle Hacker Gets the Last Word

Database security expert David Litchfield has unveiled a critical, unpatched vulnerability in Oracle's 11g database software that allows a hacker to take control of an Oracle database and access or modify information at any security level.

Two sections of code within the company's database application -- one that allows data to be moved between servers and another that allows management of Oracle's implementation of Java -- are left open to any user, rather than only to privileged administrators. Those vulnerable subroutines each have their own simple flaws that allow the user to gain complete access to the database's contents. Read the full story [Forbes]

February 2, 2010, 2:05PM Threatpost Original

Apple Plugs Critical iPhone Security Holes

Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks. The most serious flaw could allow remote code execution if an iPhone/iPod Touch user opens audio and image files.

February 1, 2010, 11:18AM

Top 5 Social Networking Business Threats

Social networking sites are ideal havens for online criminal activities as they provide a combination of two key factors: a huge number of users and a high level of trust among these users, cautioned a security specialist. ZDNet Asia spoke to industry experts who highlight the top five security threats enterprises should be mindful of when using social networking sites. Read the full story [ZDNet]

February 1, 2010, 11:11AM

Google Joins The 'Kill-IE6' Campaign

Google has announced that Google Docs will drop support for Microsoft's nearly nine-year-old Internet Explorer 6 (IE6) browser starting on March 1.

Ironically, if Google had taken its anti-IE6 advice to heart before hackers broke into its corporate network last year, it might not now be mulling whether to abandon the Chinese search market. Read the full story [ComputerWorld]

January 27, 2010, 2:12AM

Researcher to Reveal More Internet Explorer Problems

Microsoft's Internet Explorer (IE) could inadvertently allow a hacker to read files on a person's computer, another problem for the company just days after a serious vulnerability received an emergency patch. Read the full story [IDG News Service]

January 22, 2010, 2:00PM

Researcher Warns of Twitter Security Flaw

A flaw in Twitter's website has left the login credentials of its users vulnerable to hackers, according to a security researcher who has asked the social media company to fix the problem. Read the full story [Reuters]
