If you use an Android phone you may have heard of something called the USSD vulnerability. This allows a nasty piece of malicious software to reset your Android to its factory default settings and permanently delete your data.

The Blackhole exploit kit has been updated to version 1.2.3 and includes a new exploit for the Java CVE-2012-0507 vulnerability, which ESET calls Java/ Exploit.CVE-2012-0507

Research by Aleksandr Matrosov and Vladimir Kropotov on distribution of a CVE-2011-3544 exploit by FTP.

Do Xmas shopping and porn surfing account for a spike in Win32/Scrinject detections?

[Update: the BBC Radio 6 issue is now confirmed by WebSense (apologies for misattributing it earlier!), who have more detail here, and note that areas of the BBC 1Xtra radio station Web site are also affected.] I hear from ESET colleagues in the UK that the BBC's Radio 6 homepage (one of the Beeb's music stations) is