Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week.
Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.
IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure.
Adobe suffered, at a minimum, a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.
Banking Trojan Retefe is adopting new WannaCry tricks, adding an EternalBlue module to propagate the malware.
The U.S. Securities and Exchange Commission said this week that hackers managed to infiltrate one of its systems last year, something that likely facilitated insider trading.
Samba released three security updates, including two related to SMB connections that could be abused by an attacker already on the network to hijack connections and manipulate traffic or data sent from a client.
The Equifax data breach saga so far, a Google HTTPS warnings paper, cryptocurrency mining at the Pirate Bay, and bringing machine learning to passwords are all discussed.
APT33 targets petrochemical, aerospace and energy sector firms based in the U.S., Saudi Arabia and South Korea with destructive malware linked to StoneDrill.
Joomla on Tuesday patched a critical LDAP injection vulnerability that had lingered in the content management system for eight years. Attackers could use this bug to steal admin login credentials.