The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw.

An undocumented Microsoft Office feature allows for spying via specially crafted Word documents—no macros, exploits or any other active content needed.

A cryptocurrency miner surfaced on The Pirate Bay for a day over the weekend.

A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites.

Users who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, are being encouraged to update to address a series of vulnerabilities, one critical.

Equifax divulged on Wednesday that the culprit behind this summer's breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March.

Google has ejected 50 apps from its Google Play store that were harboring mobile malware dubbed ExpensiveWall.

Over 4,000 insecure Elasticsearch servers have been hosting the point-of-sale malware Alina and JackPoS.

Exploit acquisition vendor Zerodium said Wednesday it will pay up to $1M for an unknown Tor Browser zero day.

Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.

Adobe fixed eight vulnerabilities across three products, Flash Player, RoboHelp for Windows, and ColdFusion, as part of its September Patch Tuesday updates.

Researchers warned Monday of two remote code execution vulnerabilities in FreeXL that could let an attacker execute code with local user privileges.

Bluetooth attack vector, dubbed ‘BlueBorne’, leaves billions of smart Bluetooth devices open to attack including Android and Apple phones and millions more Linux-based smart devices.

The Vice President of the Apache Struts PMC says the attackers likely used an unknown Struts zero day or an earlier announced vulnerability.

D-Link router model 850L has 10 vulnerabilities that could allow a hacker to gain remote access and control of device, according to researcher.

Android phones not running the latest Oreo OS are vulnerable to a high-severity “toast” overlay attack.

Victims of the massive Equifax breach may have to wait days to find out if they were impacted.

Equifax, one of the three largest credit agencies in the United States, disclosed Thursday afternoon it's looking into a data breach that may have affected upwards to 143 million Americans.

A new variant of the banking trojan Dridex is part of a sophisticated phishing attack targeting users of the cloud-based accounting firm Xero.

Microsoft is opting to stand pat and not fix a content security bypass vulnerability in its Edge browser, something researchers warn could potentially lead to the disclosure of confidential information.