Mega-popular blogging and content management system WordPress has just put out version 3.6.1.
This includes a patch for a remote code execution hole, so you are advised to update ASAP.
US whistleblower-friendly site Cryptome recently suffered a short outage, after it was booted offline by its ISP and then let back online.
Paul Ducklin looks for security lessons in the story...
You don't always have to break into someone's web server to get them to deliver your malware for you. You can just break into the server they get their online ads from.
Or you can pre-infect the online ad server software so you can own it as soon as it is installed.
In the first of a two-part series, Fraser Howard takes a closer look at the Redkit exploit kit.
Learn more about how this kit works and the compromised web servers that are being used to host it.
Hacktivist group NullCrew recently announced a successful intrusion against a website in the DHS.GOV domain hierarchy.
It looks as though the site was vulnerable to what's known as a directory traversal vulnerability.
Being careful where you download from isn't always enough.
SourceForge, the hosting service for phpMyAdmin, has disclosed that the official phpMyAdmin 18.104.22.168 distribution was Trojanised some time last weekend.
Researchers in Germany have disclosed a vulnerability in most web programming languages that allows a denial of service attack to succeed with very few resources and against the vast majority of websites.
The latest WordPress release is requiring users to update their PHP and MySQL installations to newer releases. Are WordPress users doing enough to protect their blogs? Does it make a difference if you patch?
The PHP Group has released a set of bug fixes and security updates to their ubiquitous PHP software. Web administrators should read through the change logs and update as soon as possible. Read the article to find out about the security-related fixes and enhancements in PHP 5.3.6.