The government announced its second bug bounty program called Hack the Army, which will concentrate on finding bugs in recruiting websites and databases.

Researchers say BlackNurse attacks are low bandwidth (18Mbps) and can still knock offline many of today’s firewalls.

An OpenSSL update released on Thursday patched three vulnerabilities included one rated high severity in TLS connections using the ChaCha20-Poly 1305 ciphersuite.

Siemens is warning customers of a local privilege escalation vulnerability that leaves over a dozen models of its SCADA equipment open to attack.

Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover.

A phishing campaign is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015.

Google’s Safe Browsing program expands to include “Repeat Offender” websites in blacklisting program.

An issue in iOS WebView that is trivial to exploit can give an attacker the ability to trigger phone calls from a targeted device, researcher Collin Mulliner said.

The banking Trojan TrickBot is evolving fast, according to researchers, and within weeks will expand its victim list and attack scope.

Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang.