Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle.

A researcher disclosed vulnerabilities in TP-Link C2 and C20i routers that allow for remote code execution and denial-of-service attacks with authentication.

A sudden wave of attacks against insecure databases resulting in ransom demands points to wave of data hijacking attacks.

WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.

Developers at Uber have unveiled a new module to help users enable the continuous re-authentication of SSH keys.

WordPress sites slow to update to the recent 4.7.2 security release run the risk of falling victim to a handful of defacement attacks spotted by Sucuri.

InterContinental Hotels Group confirmed and released addition details pertaining to a breach that targeted payment card systems used in 12 of its hotels.

Mike Mimoso and Chris Brook recap the news of the week, including a Microsoft SMB zero day, the latest Netgear router vulnerability, and a new HTTPS milestone.

Microsoft said a Windows SMB zero day, which has a public proof-of-concept exploit available, is low risk and won’t be patched until an upcoming Patch Tuesday.

WordPress silently fixed a serious content injection vulnerability when it pushed out its latest security release, 4.7.2, last week