OpenVPN patched four vulnerabilities privately disclosed by Dutch researcher Guido Vranken, including a critical issue that could lead to remote code execution.

Avaya released a patch last week for a remote code execution vulnerability in its Avaya Aura Application Enablement Services software.

Router manufacturer TP-Link recently fixed a vulnerability in a discontinued line of routers that if exploited could have been used to execute code on the device.

Researchers find flaws in an internet-connected drill, but say minimal, hard-to-find bugs indicate there is hope for IoT security.

Proofpoint has connected the University College London ransomware to Mole, spread by AdGholas malvertising campaigns and the Astrum Exploit Kit.

Encrypted email service ProtonMail announced it was launching its own VPN, ProtonVPN, on Tuesday.

Google removed two apps, Magic Browser, and Noise Detector, that were vehicles for the Ztorg Trojan, Kaspersky Lab said.

The SMBv1 file-sharing protocol abused by the NSA’s EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3.

A string of data thefts targeting North American mining companies and casinos are extorting as much as $620,000 from victims.

Dozens of Mexican journalists, lawyers, and even a child, were hit with Pegasus, commercially-produced spyware, as part of a campaign believed to be carried out by the nation’s government.