Microsoft appears to have silently fixed a two-year-old bug in in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser.

The Tor Project has provided a browser update that patches a zero-day vulnerability being exploited in the wild to de-anonymize Tor users.

A zero-day vulnerability in Firefox, similar to one created by the FBI in 2013, is actively being exploited in the Tor Project’s anonymizing TorBrowser.

Researchers have discovered that criminals behind the latest Cerber ransomware variant are leveraging Google redirects and Tor2Web proxies in a new and novel way to evade detection.

Researchers say they spotted the remote access Trojan NetWire stealing payment card data from one organization.

Attackers are targeting DSL routers this week with what’s being called a potent new variant of the Mirai malware that knocked offline major Internet companies like Twitter and Spotify last month.

PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application. The vulnerability was publicly disclosed on Monday by Antonio Sanso, a senior software engineer at Adobe, after he came across the issue while testing his own OAuth client. For its part, PayPal remedied the vulnerability about...

The San Francisco Municipal Transport Agency says it has contained a ransomware attack, but now it faces new unsubstantiated claims by attackers who say they have 30GB of the agency’s data.

Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked the names, phone numbers, email addresses, and unique IDs.

Banks in Asia and Africa have been targeted with exploits for a zero-day vulnerability in InPage publishing software popular in Arabic-speaking nations.