Researchers find three vulnerabilities in an IoT safe that can be exploited to acquire the safe's PIN code, pair with the device, and open the safe.
German security researcher Sabri Haddouche has discovered a set of vulnerabilities that he collectively refers to as Mailsploit, and which allow an attacker to spoof email identities, and in some cases, run malicious code on the user's computer.
A critical remote code execution flaw affects over half of the Internet's email servers, and there's no fix for it available, just yet.
A week after details about a severe Microsoft Office vulnerability came to light, at least one criminal group is now using it to infect users.
Intel published a security advisory last night detailing eight vulnerabilities that impact core CPU technologies such as the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE).
Android smartphones running Lolipop, Marshmallow, and Nougat, are vulnerable to an attack that exploits the MediaProjection service to capture the user's screen and record system audio
The way Microsoft patched a recent security bug has made several security and software experts believe the company might have lost the source code to one of its Office components.
The Chinese vulnerability disclosure program is lagging behind when it comes to publishing details about critical flaws and vulnerabilities exploited by Chinese-linked cyber-espionage groups.
Oracle has issued an out-of-band emergency security update to address five vulnerabilities, among which one is rated 10 out of 10 on the CVSSv3 bug severity scale, and a second was rated 9.9 out of 10.
GitHub — the Internet largest code hosting service — is rolling out a new security feature through which it hopes to reduce the number of vulnerable projects hosted and distributed through its platform.
Microsoft has patched today a huge security hole in Microsoft Office that could be exploited to run malicious code without user interaction on all Windows versions released in the past 17 years.
Several antivirus products are affected by a design flaw that allows malware or a local attacker to abuse the "restore from quarantine" feature to send previously detected malware to sensitive areas of the user's operating system, helping the malware gain boot persistence with elevated privileges.
Estonian authorities have decided to block and disable over 760,000 national electronic ID cards due to a cryptographic vulnerability that could allow attackers to clone IDs and forge identities.
The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses.
Oracle has released patches for a security issue affecting the Oracle Identity Manager that has received a rare 10 out of 10 score on the CVSSv3 bug severity scale.
A Romanian bug hunter has found three flaws in Google's official bug tracker, one of which could have been used to exposed sensitive vulnerabilities to unauthorized intruders.
LG Electronics has avoided a security disaster this summer after it worked with security researchers to patch a vulnerability in the mobile app that customers are using to control a breadth of LG smart home devices.
A popular satellite communications (SATCOM) system installed on ships across the world is affected by two serious security flaws — a hidden backdoor account with full system privileges access and an SQL injection in the login form.
No good deed remains unpunished, they say, and so is the case of the recent spat between Google and Microsoft's security teams.