WordPress users should update as soon as possible, as the latest release (4.1.2) plugs a critical cross-site scripting vulnerability that could allow anonymous users to compromise their site.
At least 17 WordPress plugins - and likely even more of them - have been found vulnerable to cross-site scripting (XSS) flaws that could allow attackers to inject malicious code in the browsers of the sites' visitors.
After having migrated their online properties to HTTPS and having sorted out the main problems that arose from the move, Pinterest is ready to pay researchers for information about bugs affecting their assets.
Here's some good news for Google App Engine developers: Google has released a new application security scanner that's especially fitting to test new app builds for cross-site scripting (XSS) and mixed content vulnerabilities.
It's pretty difficult to make information security predictions, and even more difficult to verify them afterwards: we can only judge the effectiveness of information security by the number of public security incidents that were uncovered, while the majority of data breaches remain undetected.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.