The vulnerability, which can be exploited via the browser, could allow a malicious hacker to execute arbitrary JavaScript code within the vulnerable application.

Microsoft has yanked the security updates shipped in the MS10-025 bulletin after realizing the patch did not fix the underlying security vulnerability.

New report indicates that the combination of the ZeuS crimeware kit, and the tremendous increase of malicious PDFs seen in 2009, play a crucial role in the growth model of the cybercrime ecosystem.

On the heels of a Black Hat EU presentation that exposed security problems with the cross-site scripting (XSS) filter in Internet Explorer 8, Microsoft plans to ship an update to the filter to fix what is hopefully the last remaining attack scenario.

The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat.

Virus hunters have spotted the attacks on a popular song lyrics Web site. Any visitor to that Web site with the Java Plugin for Browsers installed (Internet Explorer or Firefox) will get infected with malware.

Two of the bulletins are rated "critical" for all versions of Microsoft's flagship operating system, including Windows 7 and Windows Server 2003 R2.

A currently ongoing ransomware campaign is using a novel approach to extort money from end users whose PCs have been locked down - it attempts to extorts $400 from users which would otherwise face a copyright violation suit.

The flaw occurs because the Java-Plugin Browser is running "javaws.exe" without validating command-line parameters.

Five of the 11 bulletins will be rated "critical," Microsoft's highest severity rating. The flaws affect all versions of Windows, including the company's newest Windows 7 operating system.