Researchers find six previously unknown memory corruption and unlock-bypass vulnerabilities in major chipset vendors’ firmware code.

Google fixed 81 vulnerabilities, including 13 critical remote code execution bugs, in the September edition of its Android Security Bulletin on Tuesday.

F5 Labs has detected a WireX variant capable of launching UDP flood DDoS attacks.

The Apache Software Foundation released a patch on Tuesday for a critical vulnerability impacting all versions of Struts since 2008.

600 gigabytes of information, including SQL database dumps, code, access logs, and customer information, belonging to BroadSoft and its client, TWC, was left online, accessible to anyone.

Thousands of resumes and job applications from U.S. military veterans, law enforcement, and others were leaked by a recruiting vendor in an unsecured AWS S3 bucket.

A malware campaign utilizing bogus “HoeflerText” popup warnings is back in full swing targeting Google Chrome and Firefox browsers with Locky ransomware attacks and the NetSupport Manager RAT.

The Onliner spambot, Google’s forthcoming Not Secure warnings for Chrome, the WireX botnet, Sarahah privacy and more are discussed.

Researchers identified a vulnerability in National Instruments’ LabVIEW software that will not receive patch by the vendor.

As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. The malware link has since been taken down.