A pair of security researchers have proposed an extension to the Transport Layer Security (TLS) protocol that would allow browsers to detect and block fraudulently-issued SSL certificates.

The PHP Group has released PHP 5.4.3 and PHP 5.3.13 on Tuesday in order to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.

The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed in a May 3 update.

Ninety percent of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL (Secure Sockets Layer) attack, according to a report released Thursday by the Trustworthy Internet Movement (TIM), a nonprofit organization dedicated to solving Internet security, privacy and reliability problems.

Most owners of compromised websites don't know how their sites got hacked into and only 6 percent detect the malicious activity on their own, according to a report released by StopBadware and Commtouch on Thursday.

Many web app frameworks are vulnerable to a denial-of-service attack targeting the way they handle hash tables, researchers revealed Wednesday, prompting Microsoft to announce an "out-of-band" patch for its ASP.NET platform just hours later.

A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly.

The working group for HTML has done away with version numbers for the Web page rendering standard.