Siemens is warning customers of a local privilege escalation vulnerability that leaves over a dozen models of its SCADA equipment open to attack.

Yahoo’s latest SEC filing includes confirmation that it knew attackers were on its network in 2014 and stole information on 500 million accounts.

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.

A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015.

Google’s Safe Browsing program expands to include “Repeat Offender” websites in blacklisting program.

An issue in iOS WebView that is trivial to exploit can give an attacker the ability to trigger phone calls from a targeted device, researcher Collin Mulliner said.

The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope.

Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang.

Google’s November Android Security Bulletin patched 15 critical vulnerabilities, but only a supplemental patch for the Dirty Cow Linux vulnerability.

Adobe again released a security update for Flash Player, patching nine remote code execution vulnerabilities. Adobe Connect for Windows was also updated.