Adobe issues a second unscheduled update this month to address a bug with a publicly available proof-of-concept code in the wild.

Cisco patched two high-severity vulnerabilities in its Cisco Application Policy Infrastructure Controller (APIC) that could allow an attacker to elevate privileges on the host machine.

Researcher Paulos Yibelo said that Dashlane elected not to patch a vulnerability he disclosed more than a year ago in all versions of the password manager application.

A researcher has published a method by which a local admin can hijack any other Windows sessions without the need for credentials.

Existing mitigations and limitations around a newly disclosed Linux kernel vulnerability in the DCCP module mute the potential impact of local attacks.

Critical vulnerabilities in MySQL and database servers MariaDB and PerconaDB can lead to arbitrary code execution, root privilege escalation, and server compromise.

A researcher has published details and a limited proof-of-concept exploit for a critical vulnerability in MySQL that has been patched by some vendors, but not yet by Oracle. The vulnerability allows an attacker to remotely or locally exploit a vulnerable MySQL database and execute arbitrary code, researcher Dawid Golunski of Legal Hackers wrote today in...

A serious hardware vulnerability, thought to be confined to UEFI drivers in Lenovo and HP laptops, has also been found in firmware running on motherboards sold by Gigabyte. The flaw was publicly disclosed last week by researcher Dmytro Oleksiuk. No patches are yet available. Related Posts Threatpost News Wrap, June 17, 2016 June 17, 2016...

A five-year-old Android vulnerability disclosed today affects hundreds of different device models going back to Jelly Bean 4.3. Older devices are at the greatest risk; newer devices running Android with SE Android, the OS’ implementation of Security Enhanced Linux, are at a lesser risk. The vulnerability allows attackers to escalate privileges on a device, leading...

Mozilla yesterday updated Firefox and patched 10 vulnerabilities, one which was rated critical. Firefox 46 also included patches for four vulnerabilities that Mozilla rated as high severity. Critical bugs enabled remote code execution without user interaction, while bugs rated high can be exploited to steal browser data or inject code into websites via the browser....