Researchers from Rapid7 found privacy-invading vulnerabilities in the Web services used by the Smart Toy line of interactive stuffed animals and the hereO GPS watch for children.
The Socat networking service used a non-prime number for its key exchange mechanism, potentially allowing attackers to eavesdrop on encrypted connections opened with the tool.
Google has patched thirteen new vulnerabilities in Android, two of which could allow attackers to take control of Android devices located on the same wireless network.
Over 60 Android games hosted on Google Play had Trojan-like functionality that allowed them to download and execute malicious code hidden inside images.
Cisco Systems has released security patches for flaws affecting a wide range of products, including a critical vulnerability in its RV220W wireless network security firewalls.
A denial-of-service attack against HSBC in the U.K. left customers unable to access their accounts via the bank's online system.
An increasing number of iOS application developers use a technique that allows them to remotely modify the code in their apps without going through the official app store's review process, an action that poses security risks for users.
Next year, the Java browser plug-in, which is frequently the target of Web-based exploits, will be retired by Oracle.
A new Android ransomware app called Lockdroid.E is abusing system dialogs to hijack user clicks and grant itself administrator privileges.
PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor.
Around two dozen U.S. government departments and federal agencies are being questioned by the U.S. Congress on whether they were using backdoored Juniper network security appliances.
The latest patches for the Magento e-commerce platform fix critical vulnerabilities that could allow attackers to hijack administrative accounts.
Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over FortiSwitch, FortiAnalyzer and FortiCache devices.
Cisco released security updates to fix a hard-coded root password in its Modular Encoding Platform D9036 and a vulnerable CGI script in the Cisco Unified Computing System (UCS) Manager and the Cisco Firepower 9000 Series appliances.
Google has developed a patch for a recently reported vulnerability in the Linux kernel and shared it with Android manufacturers.