In a startling revelation, the open-source Mozilla project says that its flagship Firefox browser contains a root certificate authority that doesn't seem to have a known owner.

The attacks, first spotted on March 9, included Trojan downloaders and backdoor programs that gave malicious hackers full access to hijacked PCs.

According to a newly released report, 64% of all the reported Microsoft vulnerabilities for 2009 could have been mitigated by using the principle of the least privileged accounts.

A coalition of the net’s biggest online service providers including Google and Microsoft are joining with the top internet rights groups to demand Congress modernize the nation’s privacy laws. Among the reforms pushed by the so-called Digital Due Process coalition is a requirement that law enforcement get warrants from a judge ...

The critical MS08-018 update patches security holes that could lead to code execution attacks on all versions of Microsoft's flagship browser, including the newest Internet Explorer 8.

The out-of-band update comes exactly 21 days after Microsoft said it was aware of targeted attacks against Windows users running its flagship browser.

Jumping through a series of anti-exploit roadblocks, Dutch hacker Peter Vreugdenhil hacked into a fully patched 64-bit Windows 7 machine using a pair of Internet Explorer vulnerabilities.

The patch, which was originally slated for release on March 30, fixes a vulnerability that could allow remote code execution attacks.

Sourcefire's Matthew Olney examines vendor response to security issues and highlights the value of exploit code as part of defending computer systems.

Some applications with bugs that are not exploitable when running in a not-virtualized operating system are rendered exploitable if running within a guest OS in Virtual PC.