Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device.
Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws.
IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduces the likelihood of antivirus software detection.
Developers using the Twilio platform to build enterprise mobile communications apps have put call and text data at risk for exposure.
Microsoft published guidance for Windows admins on how to safely disable Dynamic Data Exchange (DDE) fields in Office that are being used to spread malware in email-based attacks.
Between $150 million and $300 million in digital currency called ether remains inaccessible today after a user said he “accidentally” triggered a vulnerability that froze the funds in the popular Parity wallet.
Google this week finally addressed the KRACK vulnerability in Android, three weeks after the WPA2 protocol flaw was publicly disclosed.
Trustwave discloses an unpatched vulnerability in Brother printers with the Debut embedded webserver after numerous attempts to contact the vendor failed.
Weak cryptography in the IEEE P1735 electronics standard allow attackers to recover valuable intellectual property in plaintext from SoCs and integrated circuits.
Cisco has updated its IOS XE software to address a denial of service vulnerability in its implementation of BGP over an Ethernet VPN.