As we approach the first anniversary of the ShadowBrokers, their true identity and source of their stolen NSA exploits remains a mystery.

Three radiation monitoring device vendors will not patch a handful of vulnerabilities that could be abused by hackers, including a backdoor that affords high privileges on one device.

Microsoft has said it will not patch a two-decade-old Windows SMB vulnerability, called SMBloris because it behaves comparably to the Slowloris attacks. The flaw will be disclosed and demonstrated during DEF CON.

Researchers have a devised a way to trick a web server into caching pages and exposing personal data to attackers.

Mike Mimoso and Tom Spring preview Black Hat, which starts tomorrow in Las Vegas.

Researcher Paulos Yibelo said that Dashlane elected not to patch a vulnerability he disclosed more than a year ago in all versions of the password manager application.

Apple released iOS 10.3.3 Wednesday that serves as a cumulative patch update for multiple vulnerabilities including the high-profile BroadPwn bug.

Tens of millions of products ranging from airport surveillance cameras, sensors, networking equipment and IoT devices are vulnerable to a flaw that allows attacks to remotely gain control over devices or crash them.

Oracle’s July Critical Patch Update included fixes for 308 vulnerabilities, 165 of which are remotely exploitable.

Oracle today in its Critical Patch Update addressed a critical vulnerability in its Oracle E-Business Suite of business applications that allows for the download of business documents.