The malware is digitally signed and is probably used in targeted attacks, researchers from F-Secure said.
Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users.
Previously unknown Mac OS X spyware, signed with a valid Apple Developer ID, has turned up on the laptop of an activist from Angola at a human rights conference in Norway.
Adobe has released scheduled security updates for its Reader, Acrobat, Flash Player and ColdFusion products on Tuesday in order to fix many critical vulnerabilities, including one that is already actively exploited by attackers.
Adobe has warned users of its ColdFusion application server platform of a critical vulnerability that could give unauthorized users access to sensitive files stored on their servers.
Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense.
Adobe released emergency patches for Adobe Reader and Acrobat 11, 10, and 9 Wednesday that address two critical vulnerabilities being actively exploited by attackers.
Political activists from the Middle East were targeted in attacks that exploited a previously unknown Flash Player vulnerability to install a so-called lawful interception program designed for law enforcement use, security researchers from antivirus vendor Kaspersky Lab said Tuesday.
Adobe provides a closer look a the improved sandbox in the recently launched Adobe Reader and Adobe Acrobat XI aimed at making the products harder to attack and exploit.
Attackers can trick gamers into opening malicious steam:// URLs that exploit security issues in games to execute malicious code.
Mozilla released Firefox 16.0.1 on Thursday in order to fix a publicly disclosed vulnerability and three other security flaws identified after the release of Firefox 16.
Attackers can abuse Facebook's phone search feature to find valid phone numbers and the name of their owners, according to security researchers.
Adobe plans to revoke a code-signing certificate after hackers compromised one of the company's internal servers and used it to digitally sign two malicious utilities.