Don't-Miss Stories


Latest Java zero-day exploit is linked to Bit9 hacker attack

The attacks discovered last week that exploited a previously unknown Java vulnerability were likely launched by the same attackers that previously targeted security firm Bit9 and its customers, according to researchers from antivirus vendor Symantec.

Another Java flaw exploited, security researchers warn

A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.

Oracle contests Google's 'fair use' of Java code in appeal

Oracle wants an appeals court to rule that Google's commercial use of Java in a market where Oracle was already competing was not fair use.


More Java patches due soon

Oracle isn't done releasing patches for Java SE this month, as another batch will arrive on February 19, according to a company blog post.


New Whitehole exploit toolkit emerges on the underground market

A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.

Oracle rushes out another Java update, fixing 50 vulnerabilities

Oracle says Java 7u13 addresses 50 flaws, many of which left systems vulnerable to remote exploits.

Bug makes Java's latest anti-exploit defenses moot, claims researcher

Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday.

Experts prod Oracle to fix broken Java security

Beset by some very public vulnerabilities in Java, and apparently unable to properly patch those bugs, Oracle must dramatically step up its security game, experts said.

Oracle's Java patch contains new holes, researchers warn

Researchers from Security Explorations claim to have found two new vulnerabilities in Java 7 Update 11 that can be exploited to bypass the software's security sandbox and execute arbitrary code on computers.


Malware impersonates Java patch

Trend Micro has spotted a piece of malicious software that masquerades as the latest patch for Java, a typically opportunistic move by hackers.