A vulnerability in OpenSSH clients could expose users' private SSH keys to rogue or compromised servers.
The SlemBunk Android Trojan that targets mobile banking users has evolved into a hard-to-detect threat, researchers from FireEye found.
Cisco Systems released critical security updates for several products, including access points and wireless LAN controllers, in order to fix vulnerabilities that could give remote attackers access to devices.
A hacker has built a ransomware program based on proof-of-concept code released online, but messed up the implementation resulting in victims' files being completely unrecoverable.
Microsoft released critical fixes for remote code execution flaws in Windows, Office, Edge, Internet Explorer, Silverlight and Visual Basic.
A cyberespionage group was found using a new remote access Trojan dubbed Trochilus whose detection rate was very low among antivirus products.
Developers of the popular Drupal content management system are working to secure the software's update mechanism after a researcher found weaknesses in it.
Unlike Mozilla, Google plans to ban only SHA-1 certificates that were issued after Jan. 1 by public certificate authorities, not self-generated ones too.
Cyberespionage groups could easily exploit vulnerabilities in antivirus programs to break into corporate networks, according to vulnerability researchers who have analyzed such products in recent years.
Law enforcement authorities from Romania and Republic of Moldova dismantled a gang of criminals that stole 200,000 euros from ATMs in the E.U. and Russia after infecting them with a malware program.
The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.
Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.
Researchers found a flaw that allows them to decrypt files affected by a new version of Linux.Encoder, a file-encrypting ransomware program that infects Linux Web servers.
Exploit acquisition firm Zerodium is offering up to $100,000 for exploits that bypass Flash Player's latest heap isolation protection.
Media processing and kernel privilege escalation flaws were patched in the January Android security update.