WordPress blog software has been updated to the 2.6 version. This latest release fixes about 194 bug fixes and a major security-related change to disable remote publishing protocols by default along with new functions such as SSL support, new Atom Publishing Protocol and the variety of XML-RPC protocols by default to shut down a potential security risk. If you manage a WordPress blog, this should be considered an important update.

Opera has released new update for Opera browser v9.51. This update fixes couple of security vulnerabilities and some stability issues. One of the fixed issues includes arbitrary code execution but the exploit has not been published yet. All Opera users can update their browser from http://www.opera.com/download/ location.

For the folks who still didn’t switched to the Firefox 3, the Mozilla Foundation has just released Firefox 2.0.0.16 which fixes two critical security vulnerabilities, command-line URLs launch multiple tabs when Firefox not running and remote code execution by overflowing CSS reference counter. As security advisers reports the last vulnerability affects the Thunderbird users too. The Firefox 2 will still be supported only until December, so all users are advised for upgrade to Firefox 3.

Hackers have managed to spread the links for fake ImageShack site that infects the visitors with Backdoor.Win32.SdBot malware. The links to the infected images are distributed via MSN messages where users are asked to check out the photo linked to the fake imageshack address. The message format is like this:

!msn.msg lool!! http ://imageshaack.org /img/Picture275.jpg |!trition.msg lool!! http ://imageshaack.org/img /Picture275.jpg topic set by Everglades on Wed Jun 11 15:41:57

“!msn.msg Haha is that you;)? http ://imageshaack.org /img/Picture275.jpg?|!trition.msg http: //imageshaack.org/img /Picture275.jpg

MSN users are strongly advised to check the links they get via IM and not get fooled with fake websites that spread malware.

topBadware.org coalition under Google support has called Apple to review the “carpet bomb” issue in the Safari browser. Nitesh Dhanjani has discovered that in Safari browser on Windows hackers can install suspicious software via booby-trapped Web sites. This can happen because the Safari browser cannot be configured to obtain the user’s permission before it downloads a resource. Safari downloads the resource without the user’s consent and places it in a default location, stated Dhanjani.

Mozilla developers have announced that they have stopped the changes to the first release candidate of Firefox 3.0 and is working to get that build to users by the end of the month. As Mike Schroepfer, Mozilla’s vice president of engineering stated they are ready to launch Firefox 3 Release Candidate 1 (RC1) by the end of May. Since RC1 passed many beta stages it is possible that it will be the only release candidate but unveiling of possible bugs and flaws will continue development of new Release Candidates until they are ready for final shipment. Mozilla issued three release candidates in the run-up to the final code of Firefox 2.0, and Schroepfer said that he expected Firefox 3.0 to follow that same pattern.

Mozilla team has noticed that a Vietnamese language pack for Firefox 2 is carrying malware. As Mozilla security chief Window Snyder wrote Vietnamese language pack for Firefox 2 contains inserted code to load remote content resulting with virus infection. Everyone who downloaded the Vietnamese language pack from February 18, 2008 got an infected copy. So, if you downloaded that particular language pack run immediate virus check of your computer.

Last week Mozilla and Apple has released new fresh updates of their browsers. Mozilla Firefox 2.0.0.14 patches the security problems in the JavaScript engine described in previous Firefox release, where some users experienced crashes during JavaScript garbage collection. On the other hand Apple updated Safari to 3.1.1 and patched several security issues concerning a maliciously crafted website may control the contents of the address bar and visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution among many. It is recommended to updated your favorite browsers as soon as possible.

Internet security company Websense has reported that hackers have managed to break Microsoft’s Live Hotmail CAPTCHA tools in about 6 seconds. As reports say latest attack on Microsoft’s Hotmail is an evolutionary leap because hackers’ tools are automated and operating almost instantaneously. CAPTCHAs are viewed as a spam defense and a way to distinguish humans and computers. However Google says CAPTCHA security are still useful, but other start to claim it is not true. The steps of the CAPTCHA eluding attack are similar to previous attacks, according to Websense. A bot hooks into Internet Explorer, observes account names, uses IE to sign up for Hotmail accounts, grabs CAPTCHA and breaks it, creates multiple accounts and then use them for sending spam.

Adobe has released a security bulletin informing all Internet users about multiple vulnerabilities in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, that could lead to the potential execution of arbitrary code remotely. Additionally the update includes DNS rebinding attack and cross-domain policy countermeasures. It is strongly recommended to update to the newest Adobe Flash Player version, 9.0.124.0