Not to be outdone by Microsoft and Adobe's Patch Tuesday releases, Mozilla pushed out its latest browser and email client updates today.
There are no bated-breath patches for in-the-wild exploits, but 3 of the 8 security fixes are deemed "critical".
The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.
Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...
In the first of a two part series, Fraser Howard takes a closer look at the Redkit exploit kit.
Learn more about how this kit works and the compromised web servers that are being used to host it.
A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware.
Paul Ducklin takes a quick look at the attack...
Vulnerability researchers at Core Security recently turned their attention to internet-enabled cameras, finding lots of holes.
And when security holes arise from features, not bugs, you really do feel like shouting aloud, "What WERE they thinking?"
The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.
But this year, Oracle has adapted that schedule a number of times, and this is one of them...
Microsoft has issued its usual advance notification for the coming week's Patch Tuesday.
If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers...
Apple has had a good-bad-good-bad week of it in the computer security environment.
Its announcement of two-step verification for some users was quickly followed by a report of a password recovery exploit for everyone else...
Renowned Chrome hacker Pinkie Pie, who scooped the prize at last year's Pwnium competition, didn't quite get across the line this year.
But Google will pay him a one-third-sized consolation prize anyway, for "honoring the spirit of the competition."
Apple ships OS X 10.8.3 - 11 remote code execution vulns patched, Snow Leopard and Lion get fixes too
Apple has shipped the latest point release of its flagship Mountain Lion (OS X 10.8) operating system.
There are plenty of security fixes in there, which Snow Leopard (10.6) and Lion (10.7) users get too, in standalone security updates.
Microsoft's March 2013 Patch Tuesday is out.
There are seven bulletins this month, dealing with twenty documented vulnerabilities.
Paul Ducklin helps you choose where to start...
Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?
Here's the latest Naked Security podcast, Sophos Security Chet Chat 104, discussing a range of recent and newsworthy topics from the world of computer security.
Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year's PWN2OWN competition!
That certainly throws down the gauntlet to Microsoft, whose Internet Explorer 10 browser was also successfully breached in the competition.
PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.
Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...
Google just slammed the door on a number of vulnerabilities in Chrome.
Just two days before its flagship browser was due to go under public hacking scrutiny at a Canadian security conference...
Oracle recently published an emergency update for Java, and Apple quickly followed suit for the version of Java it still officially supports.
Paul Ducklin tries to guess where Oracle's Java patch cycle will end up...