Security News

Apple Patches Critical Kernel Vulnerabilities (Threatpost)
2017-01-23 21:35

Apple released updates across its product lines, including iOS 10.2.1, patching a number of critical code execution vulnerabilities in the kernel, libarchive and WebKit.

Advancing a standard format for vendors to disclose cybersecurity vulnerabilities (Help Net Security)
2017-01-20 12:45

Technology providers and their customers are joining forces to advance a standard format for vendors to disclose cybersecurity vulnerabilities. The work of the new OASIS Common Security Advisory...

Massive Oracle Critical Patch Update fixes 270 vulnerabilities (Help Net Security)
2017-01-19 17:22

Oracle has released the first Critical Patch Update scheduled for 2017, and it’s massive. It fixes 270 vulnerabilities across multiple products, and over 100 of them are remotely exploitable by...

Justine Bone on St. Jude Vulnerabilities and Medical Device Security (Threatpost)
2017-01-19 14:00

MedSec CEO Justine Bone talks to Mike Mimoso about the St. Jude Medical vulnerabilities, the considerations her company and Muddy Waters made in short selling St. Jude stock, and the current state...

Oracle Patches 270 Vulnerabilities in Year’s First Critical Patch Update (Threatpost)
2017-01-18 18:26

Oracle patched 270 vulnerabilities, many remotely exploitable, across 45 different products as part of its quarterly Critical Patch Update (CPU) on Tuesday.

Vulnerabilities Leave iTunes, App Store Open to Script Injection (Threatpost)
2017-01-17 21:02

Researchers say iTunes and Apple's App Store suffer from a persistent input validation and mail encoding web vulnerability. If exploited, it could allow an attacker to inject their own malicious script.

Router Vulnerabilities Disclosed in July Remain Unpatched (Threatpost)
2017-01-17 17:05

Command injection vulnerabilities and accessible default admin credentials in home routers distributed by Thailand’s largest broadband provider remain unpatched despite private disclosures to the...

WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities (Threatpost)
2017-01-12 17:38

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.

Microsoft Patches Two Critical Security Vulnerabilities (Threatpost)
2017-01-10 20:52

Microsoft patched two vulnerabilities rated critical that were tied to Office 2016, its Edge browser and its Local Security Authority Subsystem Service (LSASS).

Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm (Threatpost)
2017-01-04 18:33

Google patched a critical hole in its problematic Android Mediaserver component that could have allowed an attacker to use email, web browsing, and MMS processing of media files to remotely execute code.