For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what’s replaced them?

Google removed a family of malicious apps, Chamois, from its Play marketplace recently that were found manipulating ad traffic.

Microsoft released 18 security bulletins, eight rated critical. The company also patched publicly disclosed vulnerabilities that surfaced since last month’s postponement of Patch Tuesday.

Adobe fixed seven vulnerabilities, six that could lead to code execution, in Flash Player on Tuesday.

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

SAP patched a critical vulnerability in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise, without authentication.

Researchers at Check Point found and remediated malware on 38 Android devices that were infected somewhere along the supply chain.

Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card information.

Google has re-issued its over-the-air Android security update after Nexus 6 users reported that the patches broke the SafetyNet API and features such as Android Pay no longer worked.

Double Robotics telepresence robots were patched against vulnerabilities that leaked device data and session keys and tokens.