Enterprise applications from Oracle and others could be becoming juicier targets for attackers.

Microsoft on Tuesday patched a vulnerability in LSASS, the second attempt it has taken at fixing a remote denial-of-service issue in the critical Windows process.

Microsoft patched a half-dozen critical browser vulnerabilities that have been publicly disclosed, but apparently not used in attacks as of yet.

Microsoft released 10 security bulletins on Patch Tuesday that included patches for five zero day vulnerabilities under attack that had not been publicly disclosed until today.

The news of the week is discussed, including Schneier’s DDoS article, a patched IE/Edge zero day, a new OS X malware detection method, and Google’s Project Zero prize.

A tricky vulnerability patched today in the Windows PDF Library could have put Microsoft Edge users on Windows 10 systems at risk for remote code execution attacks. Edge automatically renders PDF content when it’s set as a computer’s default browser, unlike most other browsers; the feature means that exploits would execute by simply viewing a...

In addition to fixing the serious crypto vulnerabilities in iMessage that surfaced yesterday, Apple also deployed patches for nearly all of its products, including Safari, OS X, iOS, Apple TV’s tvOS, and watchOS. The iOS update, 9.3, is arguably the most pressing given the cryptographic issue dug up by researchers at Johns Hopkins University, but it...