Monthly security update addresses two dozen vulnerabilities, including one being exploited as part of the "Sandworm" cyberattack.
Three Google security engineers uncover a major vulnerability in the older -- but still supported -- Web encryption standard SSL 3.0. Experts say fixing it is impossible and upgrading will be difficult.
Security firm iSight says the "Sandworm" team has targeted NATO, the European Union, Ukraine and industry through a previously unrecognized Windows zero-day exploit.
An Internet Explorer 8 vulnerability goes unfixed by Microsoft for more than half a year, reports the Zero Day Initiative.
Attackers can use the "Covert Redirect" vulnerability in both open-source log-in systems to steal your data and redirect you to unsafe sites.
Adobe and Microsoft patch a critical zero-day security flaw in Adobe's Flash Player that is actively being used to target Windows users, but the bug is different from an unpatched hole in Internet Explorer.
The White House explains the government’s process when deciding whether to withhold knowledge of a security vulnerability -- “There are legitimate pros and cons to the decision to disclose.”
While saying that most vulnerabilities should be revealed, the White House allows some flaws to be kept secret in the event of "a clear national security or law enforcement need," the New York Times reports.
A Bloomberg report says the agency knew about the Heartbleed security flaw that's sent sites like Google scrambling to patch their systems -- but it kept it secret and used it to spy. The agency, however, says that's not so.
Thousands of dollars have been awarded to bug hunters for the Chrome 34 release who reported 31 flaws, 19 deemed critical.