Most applications, including Firefox, are not vulnerable to a pair of memory corruption vulnerabilities patched in the libpng PNG reference library.
Google announced it will begin rolling out warnings in the coming months to inform users if they’ve received a message through a non-encrypted connection.
Research presented during Black Hat Europe demonstrates how attackers can abuse business applications connected to ICS and SCADA gear.
Spring Social, a popular Java library used for social authentication, patched a risky cross-site request forgery vulnerability.
Two new and different strains of point-of-sale malware have come to light, including one that’s gone largely undetected for the past five years.
At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
The Tor Project accuses the FBI of paying Carnegie Mellon University $1 million to attack Tor hidden services and uncloak users of the anonymity network.
Researchers at Endgame shared how two exploit mitigations could go a long way toward wiping out a nasty class of vulnerabilities.
Microsoft this week addressed an issue in its hypervisor, Hyper-V, that could lead to a denial-of-service condition.
Microsoft pushed out 12 bulletins as part of November’s Patch Tuesday, including four critical updates, all of which can lead to remote code execution.