An obscure Apple kernel extension patched in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

An insecure Apple authorization API is used by numerous popular third-party application installers and can be abused by attackers ro run code as root.

Zerodium announced new $500,000 payouts for zero days in secure messaging apps such as Signal, WhatsApp and others.

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Researchers say the Neptune, or Terror exploit kit has been spreading Monero cryptocurrency miners via malvertisements.

Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.

VoIP vendor Fuze earlier this year patched three vulnerabilities that exposed user account information and enabled unauthorized authentication.

Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket.

Despite yesterday’s leak of the Apple iOS Secure Enclave decryption key, experts are urging calm over claims of an immediate threat to user data.