The good news is the cost of a data breach is down double-digits, the bad news the size and scope of breaches is creeping up.

Developers with Drupal patched three vulnerabilities, one critical, one being exploited in the wild, in Drupal’s core engine on Wednesday.

Researchers at CyberArk have developed a bypass for Windows PatchGuard that leverages Intel’s Processor Trace (Intel PT) technology to execute code at the kernel.

Microsoft said Wednesday it would extend its Edge bug bounty program indefinitely.

OpenVPN patched four vulnerabilities privately disclosed by Dutch researcher Guido Vranken, including a critical issue that could lead to remote code execution.

Avaya released a patch last week for a remote code execution vulnerability in its Avaya Aura Application Enablement Services software.

Router manufacturer TP-Link recently fixed a vulnerability in a discontinued line of routers that if exploited could have been used to execute code on the device.

Researchers find flaws in an internet-connected drill, but say minimal, hard-to-find bugs indicate there is hope for IoT security.

The SMBv1 file-sharing protocol abused by the NSA’s EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3.

Patches are available for a newly discovered Linux, BSD and Solaris vulnerability called Stack Clash that bypasses stack guard-page mitigations and enables root access.