Hackers are distributing rogue email notifications about changes in Microsoft's Services Agreement to trick people into visiting malicious pages that use a recently circulated Java exploit to infect their computers with malware.
Stories by Lucian Constantin
Security researchers from Poland-based security firm Security Explorations claim to have discovered a vulnerability in the Java 7 security update released Thursday that can be exploited to escape the Java sandbox and execute arbitrary code on the underlying system.
Oracle knew since April about the existence of the two unpatched Java 7 vulnerabilities that are currently being exploited in malware attacks, according to Adam Gowdiak, the founder and CEO of Polish security firm Security Explorations.
Cybercriminals are trying to capitalize on Adobe's decision to stop distributing Android Flash Player to new users via Google Play by creating malware and adware apps that masquerade as Flash Player installers.
The Windows version of Crisis, a piece of malware discovered in July, is capable of infecting VMware virtual machine images, Windows Mobile devices and removable USB drives, according to researchers from antivirus vendor Symantec.
Criminals are sending malicious emails that purport to come from payroll services firms in order to infect with malware the computers of payroll administrators from various companies, according to researchers from the SANS Internet Storm Center (ISC).
Graphics chip maker Nvidia released a new version of its Unix driver on Friday in order to address a high-risk vulnerability that can be exploited by local users to gain root privileges on Linux systems.
A new Web-based social engineering attack that relies on malicious Java applets attempts to install backdoors on Windows, Linux and Mac computers, according to security researchers from antivirus vendors F-Secure and Kaspersky Lab.
A computer worm that propagates by exploiting a 2010 Windows vulnerability is responsible for some of the recent incidents involving network printers suddenly printing useless data, according to security researchers from Symantec.
Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner.
Networking equipment vendor Cisco Systems released multiple security updates on Wednesday to address vulnerabilities in its AnyConnect Secure Mobility Client, ASA 5500 Series Adaptive Security Appliances, Cisco Catalyst 6500 Series ASA Services Module and Cisco Application Control Engine (ACE) software.
An unpatched vulnerability in the Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware, according to security researchers from antivirus vendor Sophos.
Security researchers have released details about a vulnerability in the MySQL server that could allow potential attackers to access MySQL databases without inputting proper authentication credentials.
Security researchers from antivirus vendor Kaspersky Labs have found evidence that the development teams behind the Flame and Stuxnet cyberespionage threats collaborated with each other.
Adobe released several security updates on Monday, addressing nine arbitrary code execution vulnerabilities that affect Adobe Photoshop and Adobe Illustrator CS5.x for Windows and Mac OS X.
Nominations now closed