Adobe is working on a fix for a Flash Player vulnerability that can be exploited via clickjacking techniques to turn on people's webcams or microphones without their knowledge.
Stories by Lucian Constantin
Opera Software has released an update for its desktop browser in order to address a critical vulnerability in its handling of Scalable Vector Graphics (SVG) files, disclosed a week ago. The company denies refusing to patch the flaw when it was brought to its attention earlier this year.
The cloud-based design of Amazon's Silk browser has positive security side effects because it encrypts all traffic between users and websites, especially important when connected over unprotected Wi-Fi networks where session hijacking attacks can occur easily, the company said.
A Trojan used by German law enforcement authorities to intercept Internet phone calls is capable of monitoring traffic from 15 programs, including browsers and instant messaging applications.
Oracle has released a new Java security update to address multiple vulnerabilities, including one exploited during a recently disclosed attack that can allow eavesdropping on encrypted communications.
Distributed denial of service and SQL injection are the main types of attack discussed on hacking forums, according to new research from security vendor Imperva.
Some of the users who visited KickassTorrents (KAT), one of the most popular torrent trackers on the Internet, over the weekend had the nasty surprise of being infected with a rogue antivirus program called "Security Sphere 2012."
Searching for Flash Player on Bing and Yahoo can lead to rogue pages distributing a hard-to-remove rootkit, according to security researchers from antivirus vendor GFI Software.
Apple has released a massive security update for Mac OS X along with a new version of its OS, however, according to several reports, installing the patches could render computers unbootable.
The Zeus financial malware has been updated with P-to-P (peer-to-peer) functionality that makes it much more resilient to take-down efforts and gives its controllers flexibility in how they run their fraud operations.
Finnish security firm Stonesoft claims to have developed 163 new attack methods that can evade network intrusion detection and prevention systems (IDPS) over multiple communication protocols including IPv4, IPv6, TCP and HTTP.
The 4GB worth of email stolen by the LulzSec hacking group from The Sun earlier this year are sitting on a server in China, according to "Sabu," the outfit's alleged leader.
Members of a hacking think-tank called Blackhat Academy claim that Facebook's URL scanning systems can be tricked into thinking malicious pages are clean by using simple content cloaking techniques.
Facebook is ignoring a serious shortcoming in the way it limits application developers' access to information about Facebook users, according to a pair of hackers.
Researchers from browser security vendor Trusteer have identified a new variant of the SpyEye financial Trojan that tricks online banking users into changing the phone numbers associated with their accounts.