A survey of 1,700 bug bounty hunters registered on the HackerOne platform reveals that top white-hat hackers make on average 2.7 times more money than the average salary of a software engineer in the same country.
Details about two vulnerabilities in an adult-themed virtual reality (VR) application were available to the general public for five days before the vendor intervened and patched the security holes.
Seagate has patched a vulnerability in the firmware of the Seagate Personal Cloud Home Media Storage, a NAS (Network Attached Storage) product.
The administrators of the Electrum Bitcoin wallet app have released a security update that fixes a vulnerability that existed in the software for almost two years.
A security researcher is urging owners of Western Digital MyCloud NAS devices to update the firmware of their portable hard-drives to fix a series of important security bugs he reported to the vendor, among which there is an easy exploitable and wormable hardcoded (backdoor) account.
AMD has fixed, but not yet released BIOS/UEFI/firmware updates for the general public for a security flaw affecting the AMD Secure Processor.
Google has just published details on two vulnerabilities named Meltdown and Spectre that in the company's assessment affect "every processor [released] since 1995."
Intel released a statement earlier today denying media reports that upcoming patches for a yet-to-be-disclosed security bug cause huge performance dips for devices using Intel CPUs.
OS makers and cloud service providers are preparing patches for a security bug affecting Intel processors, according to several sources with knowledge of the upcoming fixes.
Two security researchers —Vangelis Stykas and Michael Gruhn— have published a report on a series of vulnerabilities that they named "Trackmageddon" that affect several GPS and location tracking services.
Similar vulnerabilities affect some Sonos and Bose smart speakers that allow hackers to take over devices, collect data on users, and even make devices to play desired audio tracks.
Here's something to be cheery on Christmas Day —a vulnerability affecting a web server that's been embedded in hundreds of thousands of IoT devices.
It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks. Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.
Google's December 2017 Android Security Bulletin contains a fix for a vulnerability that allows malicious actors to bypass app signatures and inject malicious code into Android apps.
On Wednesday, Microsoft started rolling out an update to all Windows products that rely on the Malware Protection Engine for security scans.
Researchers find three vulnerabilities in an IoT safe that can be exploited to acquire the safe's PIN code, pair with the device, and open the safe.
German security researcher Sabri Haddouche has discovered a set of vulnerabilities that he collectively refers to as Mailsploit, and which allow an attacker to spoof email identities, and in some cases, run malicious code on the user's computer.
A critical remote code execution flaw affects over half of the Internet's email servers, and there's no fix for it available, just yet.