Zeljka Zorz
California and Illinois ban employers from requesting personal passwords
When Maryland’s Division of Correction instituted a requirement for job applicants and employees undergoing recertification to hand over login credentials of their …
Conficker targets photography lovers
People who bought a Hama-manufactured slide scanner from popular German retailer chain Tchibo in the weeks leading to Christmas are being warned about taking home more than …
Fraudulent digital certificate for Google web properties used in active attacks
A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has …
All Ruby on Rails versions affected by SQL injection flaw
Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order to fix an SQL injection vulnerability that affected …
IE zero-day used in targeted watering hole attacks
News that an Internet Explorer zero-day vulnerability was being and has been for quite some time been used in a new “watering hole” attack has livened the …
Hacking Web Apps
Web security impacts applications, servers and browsers. Successful attacks against Web applications and sites means bad news for their owners, developers and users. This book …
“Change Facebook color theme” scam leads to spying Chrome extension
The end of one year and the beginning of another strikes a lot of people as the perfect moment to change something in their life and start with the proverbial clean slate. …
“Facebook 2013 Demo app” leads to phishing
The offer of an app that supposedly allows users to view a new version of Facebook is the newest trick employed by phishers to get their hands on the users’ login …
Will the Sweet Orange exploit kit dethrone Blackhole?
There’s a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity. Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE …
Bogus LinkedIn invitations lead to info-stealer Trojan
Another round of LinkedIn-themed spam is hitting inboxes around the world, warns GFI. The email, sent from a bogus email address, urges the recipient to join the …
Scarlett Johansson hacker gets 10 years in prison
36-year-old Florida resident Christopher Chaney has been sentenced to 10 years in prison and to pay $66,000 restitution for having hacked the email accounts of Scarlett …
Android botnet spreads SMS spam
Researchers from two security firms have detected widespread SMS spam campaigns aimed at making users download a new Android Trojan that ropes their devices into a mobile …
Featured news
Resources
Don't miss
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)
- OSPS Baseline: Practical security best practices for open source software projects
- Understanding the AI Act and its compliance challenges
- The art of balancing data security with business goals
- Debunking 5 myths about network automation