Zeljka Zorz
Microsoft plugs online services account hijacking vulnerability
London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for …
Black hat SEO campaign targets WordPress and Joomla installations
Avast is warning about a longstanding black hat SEO campaign involving sites running hacked WordPress and Joomla installations. In this latest campaign, the attackers inject a …
Update your ManageEngine Password Manager Pro ASAP!
Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), a password management software for …
Subgraph OS: Open source, hardened OS that prioritizes security and anonymity
Subgraph, an open source security company based in Montreal, has published the alpha release of Subgraph OS, which is designed to with security, anonymity AND usability in …
Why you should read the Oculus Terms of Service
Last Monday, the long-awaited Oculus Rift virtual reality headsets started being delivered to their buyers. Hopefully, the latter have read the Terms of Service that come with …
US passport and visa database open to intrusion?
The Consular Consolidated Database (CCD), which contains over 290 million passport-related records, 184 million visa records, and 25 million records on US citizens living …
PHP, Python still fail to spot revoked TLS certificates
In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: …
Has Reddit been served with a National Security Letter?
Reddit has published its 2015 Transparency Report, and there is one thing missing from it: the entire section about national security requests. The same report for 2014 …
Flaw in HID door controllers lets attackers unlock doors, deactivate alarms
Trend Micro researcher Ricky Lawshae has unearthed a critical vulnerability in HID’s VertX and Edge door controllers. Exploiting the flaw is easy, and could result in …
Samas ransomware enters hospitals through vulnerable servers
There’s hardly a day anymore that we don’t hear about a hospital being hit with ransomware. But while most have been infected via phishing emails carrying or …
Hackers breaching law firms for insider trading info
Two of the most prestigious law firms in the US, best known for their financial services and corporate practices, have had their computer networks compromised by hackers. …
Student bypasses Valve’s review process, publishes game on Steam
Sometimes the only way to get an organization to listen to you when it comes to existing vulnerabilities in their products is to exploit them yourself and make the proof of …
Featured news
Resources
Don't miss
- Internet slowly recovers after far-reaching Cloudflare outage
- Google patches yet another exploited Chrome zero-day (CVE-2025-13223)
- What security pros should know about insurance coverage for AI chatbot wiretapping claims
- How attackers use patience to push past AI guardrails
- The privacy panic around machine learning is overblown