An "extremely severe" security vulnerability in the Opera browser could put web surfers at risk of remote code execution attack

Microsoft has yanked the security updates shipped in the MS10-025 bulletin after realizing the patch did not fix the underlying security vulnerability.

Privacy advocate Moxie Marlinspike used the spotlight of the SOURCE conference here to call attention to Google's data harvesting practices, warning that the search engine giant can mine information to figure out even what Web surfers are thinking about.

A MarkMonitor review indicates that less than 10% of the top 300 high trafficked sites have adopted VeriSign's Registry Lock Service.

The New York Times is reporting that Google's password system was compromised during a targeted attack last December.

The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat.

According to Intego's security memo, OSX/HellRTS.D is being distributed on a number of forums shows that it will be accessible to a large number of malicious users who may attempt to use it to attack Macs.

The identity thieves behind the Zeus malware attacks are now using the "/launch" command feature in Adobe Reader to launch malicious attacks without exploiting a vulnerability in the software.

According to Apple's advisory accompanying the patch, the actual vulnerability was not in the Safari browser but in the way ATS (Apple Type Services) handles certain fonts.

Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor to that Web site with the Java Plugin for Browsers installed (Internet Explorer or Firefox) will get infected with malware.