Tag: Java
Apache has patched a critical remote code-execution vulnerability in Struts 2, and users should update immediately.
July’s critical patch update addresses 334 security vulnerabilities (including 61 rated critical) covering a vast swathe of the Oracle enterprise portfolio.
The Terror exploit kit has matured into a greater threat and carefully crafts attacks based on a user’s browser environment.
At F8 today, Facebook released SDKs and documentation for the integration of Delegated Account Recovery into Java, NodeJS and Ruby applications.
Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses.
Oracle fixed 253 vulnerabilities across 76 different products with its quarterly Critical Patch Update.
For the second time in two weeks, researchers have discovered a three-year-old broken patch for a vulnerability in IBM’s Java SDK implementation. The flaw allows for an attacker to execute code outside the Java sandbox, and still affects current versions of IBM SDK, 7 and 8, released in January. Details of the vulnerability and proof-of-concept...
Oracle yesterday released an emergency patch for a Java vulnerability that was improperly patched in 2013. Researchers at Security Explorations in Poland two weeks ago disclosed that a Java patch for an issue the company reported in 2013, CVE-2013-5838, was still trivially exploitable, and it enabled attackers to remotely execute code and bypass the Java...
Java’s miserable 2013 just will not go away. One of the endless parade of bugs found in the platform throughout 2013—many of which were zero-day vulnerabilities exploited in targeted attacks—apparently wasn’t closed off completely by an October 2013 patch released by Oracle. Researchers at Polish security company Security Explorations last week disclosed that Oracle’s patch...
Mike Mimoso and Chris Brook discuss the news of the week, including the latest on the BlackEnergy APT Group, Amazon getting into the SSL certificate game, and government agencies being told to audit their systems for the Juniper backdoor. Download: news_wrap_01-29-16.mp3 Music by Chris Gonsalves