Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.
Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.
How does a bug in Android put your Bitcoins at risk? Why did the City of London bin its bins? What was Unpatch Wednesday? What to do with a 3D printer after you've made your own gun?
Find out in 60 seconds!
Lakeland has suffered a "sophisticated and sustained" attack in which two encrypted databases were accessed. It says it's found no evidence that data was stolen but has reset customers' passwords to be on the safe side.
Mobile security researcher Karsten Nohl says he'll explain at the BlackHat conference how he can remotely "own" mobile phones with a single text message.
Paul Ducklin looks at what Nohl has said so far, and ponders how hard this might be to sort out...
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
As promised last week, Oracle shipped a Critical Patch Update for Java on Tuesday 18 June 2013.
Apple, which offers its own builds of Java, updated at the same time.
Paul Ducklin takes a look...
There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.
Oracle has fixed 40 holes, all but three of them remotely exploitable.
In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?
Fake anti-virus is mostly for Windows, with OS X a long way back in second place. But other operating systems aren't exempt from the depredations of cybercriminals.
Paul Ducklin shows you round some recently-discovered Android scareware...
Just last week you were congratulating yourself for patching your computer against a Java security hole.
Now another zero-day unpatched vulnerability has been found in Oracle's widely used software.
Here's the latest episode in the popular "Chet Chat" series.
Join Chet and Duck as they discuss what we can learn from recent security news in this quarter-hour podcast.
The security-beleaguered Java ecosystem usually gets updates just once every four months, in February, June and October.
But this year, Oracle has adapted that schedule a number of times, and this is one of them...
PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.
Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...