A rogue version of the WordPress plugin called “Display Widget” allowed third-parties to injecting spam advertising content into victims’ sites.

Users who run four different types of VMware products, ESXi, vCenter Server, Fusion and Workstation, are being encouraged to update to address a series of vulnerabilities, one critical.

Equifax divulged on Wednesday that the culprit behind this summer’s breach of 143 million Americans was an Apache Struts vulnerability, CVE-2017-5638, patched back in March.

Google has ejected 50 apps from its Google Play store that were harboring mobile malware dubbed ExpensiveWall.

Over 4,000 insecure Elasticsearch servers have been hosting the point-of-sale malware Alina and JackPoS.

Exploit acquisition vendor Zerodium said Wednesday it will pay up to $1M for an unknown Tor Browser zero day.

Microsoft fixes 25 critical vulnerabilities including one zero day under attack and one tied to the high-profile BlueBorne attack vector.

Adobe fixed eight vulnerabilities across three products, Flash Player, RoboHelp for Windows, and ColdFusion, as part of its September Patch Tuesday updates.

Researchers warned Monday of two remote code execution vulnerabilities in FreeXL that could let an attacker execute code with local user privileges.

Bluetooth attack vector, dubbed ‘BlueBorne’, leaves billions of smart Bluetooth devices open to attack including Android and Apple phones and millions more Linux-based smart devices.