Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session.

Microsoft has taken the extraordinary step of providing an emergency update for unsupported Windows XP and Windows 8 machines in the wake of Friday’s WannaCry ransomware outbreak.

Yesterday’s Patch Tuesday release also included an update to Microsoft’s Internet Explorer and Edge browsers officially ending support for the SHA-1 hash function.

Microsoft patched three zero day vulnerabilities actively under attack today as part of its May Patch Tuesday release.

Sites still vulnerable to a REST API endpoint flaw in WordPress are now being targeted by attackers trying to turn a profit.

Data purportedly belonging to 1.5 million members of the video gaming community ESEA, or the E-Sports Entertainment Association League, was leaked over the weekend.

Matthew D. Green, PhD, a well-known cryptographer and researcher at Johns Hopkins University, will carry out an audit of OpenVPN.

Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware.

The security community often thrives on controversy, but when it comes to vulnerability disclosures in life-saving medical devices, ego and attention-grabbing must be put aside.

The disclosure a week ago that three Apple iOS zero days were used to spy on a political dissident from the United Arab Emirates included high-profile exposes of the activities of a cyber arms-dealing outfit in Israel known as the NSO Group and an emergency update for iOS. Last night, Apple expanded the scope of...