The PHP Group will reset the passwords for accounts on php.net, the official website of the PHP programming language, and will change the site's SSL certificate after attackers compromised two servers and injected malicious code into the website.
Stories by Lucian Constantin
Visitors to the official website for the PHP programming language over the past couple of days might have had their computers infected with malware.
Cisco Systems released software security updates Wednesday to address denial-of-service and arbitrary command execution vulnerabilities in several products, including a known flaw in the Apache Struts development framework used by some of them.
Adobe has worked with Apple to sandbox Flash Player under Safari in Mac OS X, restricting the ability of attackers to exploit any vulnerabilities they might find in the browser plug-in.
Vulnerabilities in the management interfaces of some wireless router and network-attached storage products from Netgear expose the devices to remote attacks that could result in their complete compromise, researchers warn.
The number of DDoS (distributed denial-of-service) attacks that target weak spots in Web applications in addition to network services has risen during the past year and attackers are using increasingly sophisticated methods to bypass defenses, according to DDoS mitigation experts.
The Mexican government has condemned newly reported spying activities of the U.S. National Security Agency against the country's former president while he was in office.
Belgian telecommunications group Belgacom found unauthorized changes made to a router at its BICS subsidiary, which provides wholesale communication services to hundreds of operators worldwide.
Hackers managed to steal a database containing customer credentials and contact information from PR Newswire, a major press release distribution service that's used by tens of thousands of companies and public relations agencies.
Oracle fixed on Tuesday 127 security issues in Java, its database and other products, patching some flaws that could let attackers take over systems.
Yahoo will start encrypting the webmail sessions of its users in early 2014 by making HTTPS (Hypertext Transfer Protocol Secure) standard for all Yahoo Mail connections.
Former users of the Lavabit encrypted email service that was shut down in August are being temporarily allowed to change their passwords and download copies of their data.
D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password.
The Brazilian Federal Data Processing Service, known as Serpro, will build a secure email system for Brazil's federal government following media reports that foreign intelligence agencies intercepted electronic communications in the country.
The reported participation of technology companies in the U.S. National Security Agency's surveillance programs has prompted digital rights watchdog the Electronic Frontier Foundation to resign from the Global Network Initiative, a multistakeholder group whose members include Google, Microsoft, Yahoo and Facebook and whose stated mission is to advance privacy and freedom of expression online.