Last week, Magento released a very important bundle of patches for their eponymous e-commerce platform that should be implemented as soon as possible.
Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection flaws that could be exploited to extract information stored in databases and perform arbitrary code execution within the context of the authenticated user (and set the stage for other attacks).
A new survey from Ponemon Institute finds that nearly 80 percent of enterprises say that their organization's portfolio of applications has become more vulnerable to attacks.
Four out of five applications written in PHP, Classic ASP and ColdFusion that were assessed by Veracode failed at least one of the OWASP Top 10.
A study into the security of the Internet of Things has confirmed that the web interfaces for user administration of commercial, off-the-shelf embedded devices - routers, DSL/cable modems, VoIP phones, IP/CCTV cameras - represent a significant attack surface.