Zero day, Web browser vulnerabilities spike in 2014
The number of zero-day and Web browser vulnerabilities shot up in 2014, but overall software vendors are patching faster.
At least one of Microsoft's Patch Tuesday updates looks like an excellent candidate to hackers as they poke around for bugs in the now-retired Windows XP.
The popular Full-Disclosure mailing list that has served as a public discussion forum for vulnerability researchers for the past 12 years was suspended indefinitely by its maintainer.
Recently released security updates for the popular Joomla content management system (CMS) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.
The number of vulnerabilities found in Microsoft's Windows 7 and XP operating systems doubled last year over 2012, with the highest number of flaws reported in Windows 8, according to new research from Secunia.
With cybercrime hitting more than 500 million victims globally and costing $100 billion annually, it's clear that security breaches are a problem very far from being solved. One particularly dangerous threat that doesn't seem to be getting its fair share of attention is zero-day attacks.
A hacker released what he claims is a zero-day exploit for older versions of the Parallels Plesk Panel, a popular Web hosting administration software package, that could allow attackers to inject arbitrary PHP code and execute rogue commands on Web servers.
Google wants vendors to fix or offer mitigation advice for previously unknown and actively exploited software vulnerabilities within seven days of their discovery.
The development team behind the popular Nginx open-source Web server software released security updates on Tuesday to address a highly critical vulnerability that could be exploited by remote attackers to execute arbitrary code on susceptible servers.
A critical buffer overflow vulnerability patched this week in the widely used open-source cURL library (libcurl) has the potential to expose a large number of applications and systems to remote code execution attacks.
Versions 2.0.5 and earlier of the popular VLC media player software contain a critical vulnerability that can be potentially exploited by attackers to execute malicious code on computers.
Tens of millions of network-enabled devices including routers, printers, media servers, IP cameras, smart TVs and more can be attacked over the Internet because of dangerous flaws in their implementation of the UPnP (Universal Plug and Play) protocol standard, security researchers from Rapid7 said Tuesday in a research paper.
Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday in order to address a critical remote code execution vulnerability that could have allowed attackers to compromise computers running previous versions of the software.
A built-in PDF viewer component based on JavaScript and HTML5 Web technologies has been added to the beta version of Firefox 19, Mozilla said Friday.
Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.