Researchers have disclosed a zero-day vulnerability and proof-of-concept exploit for a flaw in Microsoft IIS 6.0. The zero-day has been under attack since last July, the researchers said.

Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available.

VMware patched vulnerabilities uncovered earlier this month at Pwn2Own that could have let an attacker execute code on the VMware Workstation and carry out a virtual machine escape.

Microsoft patched a zero-day vulnerability actively used in a campaign by a hacking group known as Zirconium.

Apple fixed hundreds of bugs, 223 to be exact, across macOS Sierra, iOS, Safari, watchOS, and tvOS on Monday.

Researchers report new connections between Magic Hound and Shamoon 2, along with descriptions of how the Disttrack malware component of campaigns moves laterally within infected networks.

The latest Wikileaks dump of Apple hacking tools, the LastPass vulnerabilities, and a new Android security report are discussed.

Cisco Systems patched a critical vulnerability that could give an attacker root privileges to software running on two of its IoT router models.

Google said half of Android devices are unpatched and that percentage of potentially harmful apps on phones installed from all sources rose in 2016.

Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week.