Attack Word documents designed to lure victims into opening them were crafted to fetch a PNG image file that contained an exploit for vulnerable versions of Office

A quarter of the Citadel botnet’s 4,000 command and control domains that Microsoft seized last week in “operation b54” were actually being used by researchers to combat the botnet and others like it, according to a security researcher.

Google announced late Friday that it will outlaw facial recognition and other biometric identification apps on Glass, its networked eyewear still in prototype phase that's expected to be commercially released later this year.

Symantec has killed off its line of low-cost security products from PC Tools, a vendor it acquired in 2008 from Australian entrepreneur Simon Clausen.

Brazilian hackers on the hunt for banking credentials are now targeting Bitcoin owners with a trick that sends victims to a phishing page when they enter the correct URL for Mt Gox, the online exchange that claims to account for 80 per cent of all Bitcoin trade.

Malware vendors are warming to bitcoin, but the virtual currency has an unlikely rival in some geographies in the form of fake identity documents and money mules.

Microsoft on Friday confirmed a previously unknown vulnerability in Internet Explorer 8 that is believed to have been used to target people from the nuclear energy industry.

Web masters will now be able to ask Microsoft to re-evaluate sites labeled on its Bing search engine as malware threats, but if malware is found during the re-scan the warning could persist for a long time.

Oracle’s scheduled release for Java 8 this September has been pushed back to March 2014 as engineers focus on speeding up Java security fixes.

The cyber-attacks on an anti-spam group that rattled Europe’s internet last month could have been countered by ISPs, according to the EU’s security agency, which is taking new mitigation recommendations to operators and telecoms regulators.

Vladislav Anatolievich Horohorin, a prominent carder known as ‘BadB’ who also withdrew some of the $9m in the 2008 RBS WorldPay ATM heist, has been sentenced to 88 months prison.

Hackers broke into the network of popular document sharing service Scribd earlier this week and may have compromised “less than 1 percent” of its users’ passwords, according to the company.

Security vendor Sophos is urging customers to immediately install an update that resolves three security flaws found in its Web Protection Appliance.

Hackers claiming to be part of ‘Anonymous’ say they have stolen 15,000 passwords from Uriminzokkiri.com, a North Korea run website hosted in China.

The ongoing traffic attack on European anti-spam group Spamhaus has escalated from 75 Gbps peak last week to 300Gbps, making it the biggest on public record, according to experts.