If an attacker can entice a user to visit an attacker controlled web page, the vulnerable ActiveX control could be invoked to download an attacker-modified package.

According to Intego's security memo, OSX/HellRTS.D is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs.

The identity thieves behind the Zeus malware attacks are now using the "/launch" command feature in Adobe Reader to launch malicious attacks without exploiting a vulnerability in the software.

In a sudden about-face, Sun has rushed out a Java update to fix a drive-by download vulnerability that exposed Windows users to in-the-wild malware attacks.

According to Google's Security Team, 15% of the malware domains they detected on the web over the past 13 months was scareware, also known as fake security software. Just how realistic is this percentage?

According to Apple's advisory accompanying the patch, the actual vulnerability was not in the Safari browser but in the way ATS (Apple Type Services) handles certain fonts.

Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor to that Web site with the Java Plugin for Browsers installed (Internet Explorer or Firefox) will get infected with malware.

A newly released survey, ‘Teenage Hacking Habits’, reveals that based on a sample of 1000 teenagers, 16% admitted to hacking, 34% had already started by age 13, 84% by age 16, and 51% hack from home. Are "hacker moms" to blame?

The update is rated "critical" because of the risk of remote code execution attacks via rigged PDF files.

The hackers hit the server hosting the software that Apache.org uses to it to track issues and requests and stole passwords from all users.