Oracle's quarterly Patch Tuesday updates are out.
Java gets 37 fixes, 35 of them what Oracle calls "Remote Exploit without Authentication".
The silver lining? No Heartbleed bug in Java Standard Edition...
Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?
Find out in 60 Second Security...
Here are the PWN2OWN results from Day Two, and an overview of the final payouts.
Chrome and Safari didn't get picked for Day One, but both of them were pwned on Day Two - twice for Chrome and once for Safari....
PWN2OWN Day One results are in!
The target that sounded easiest - Oracle Java, with prize money less than a third of the supposedly much tougher IE 11 - was the only one left standing at the end of the first half...
Here's our latest security podcast, featuring Sophos experts Chester Wisniewski and Paul Ducklin.
Join the dynamic duo as they turn the latest news into a quarter-hour podcast that is informative, entertaining and educational.
Why was this month's Java update a "must patch"? Should in-app purchases be allowed to target children? Is it a good idea to give Google control of your home?
Find out in 60 Second Security for 18 Jan 2014
What's the best way to deal with botnets? Should you use your bank's mobile app? Why all these data breaches? What about Patch Tuesday? Do you really *have* to update your Mac to Mavericks?
Listen as Chet and Duck dissect and explore the week's security stories...
In January 2014, Patch Tuesday coincides for Oracle, Adobe and Microsoft.
Here's what you'll be up against in the opening fixture of the 2014 Patching Season...
Oracle has released its quarterly software update fixing more than 100 security vulnerabilities in its products. Java is at risk from more than 50 flaws, so it is time to update immediately if you still use it.
Oracle is about to release a new "feature" in its Java Runtime Environment (JRE) that allows enterprises (or anyone else) to turn off security features for backward compatibility.
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.
Oracle's latest Patch Tuesday has come and gone, with the database-and-more behmoth putting out patches for 89 vulnerabilities.
This is the last time that Java and the rest of Oracle's product set will get scheduled updates separately...
As promised last week, Oracle shipped a Critical Patch Update for Java on Tuesday 18 June 2013.
Apple, which offers its own builds of Java, updated at the same time.
Paul Ducklin takes a look...
There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already.
Oracle has fixed 40 holes, all but three of them remotely exploitable.
In a big fat blog post, Oracle has promised to work harder to make Java more secure. But given the flood of high-profile, heavily-exploited vulnerabilities that have bobbed to the surface, can Oracle save this piece of software from drowning in bad vibes?