Zeljka Zorz
Fraudulent digital certificate for Google web properties used in active attacks
A fraudulent digital certificate that could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties has …
All Ruby on Rails versions affected by SQL injection flaw
Three new versions of popular open source web application framework Ruby on Rails have been released on Wednesday in order to fix an SQL injection vulnerability that affected …
IE zero-day used in targeted watering hole attacks
News that an Internet Explorer zero-day vulnerability was being and has been for quite some time been used in a new “watering hole” attack has livened the …
Hacking Web Apps
Web security impacts applications, servers and browsers. Successful attacks against Web applications and sites means bad news for their owners, developers and users. This book …
“Change Facebook color theme” scam leads to spying Chrome extension
The end of one year and the beginning of another strikes a lot of people as the perfect moment to change something in their life and start with the proverbial clean slate. …
“Facebook 2013 Demo app” leads to phishing
The offer of an app that supposedly allows users to view a new version of Facebook is the newest trick employed by phishers to get their hands on the users’ login …
Will the Sweet Orange exploit kit dethrone Blackhole?
There’s a new exploit kit being offered for sale and it seems to be slowly but surely gaining in popularity. Dubbed Sweet Orange, the kit uses exploits for Java, PDF, IE …
Bogus LinkedIn invitations lead to info-stealer Trojan
Another round of LinkedIn-themed spam is hitting inboxes around the world, warns GFI. The email, sent from a bogus email address, urges the recipient to join the …
Scarlett Johansson hacker gets 10 years in prison
36-year-old Florida resident Christopher Chaney has been sentenced to 10 years in prison and to pay $66,000 restitution for having hacked the email accounts of Scarlett …
Android botnet spreads SMS spam
Researchers from two security firms have detected widespread SMS spam campaigns aimed at making users download a new Android Trojan that ropes their devices into a mobile …
Carberp-in-the-Mobile found on Google Play
Everybody knows (or should know) that downloading apps from third party online markets is dangerous, but even official markets such as Google Play can’t be considered …
Facebook users targeted with bogus Walmart gift card offer
Christmas season should be a happy and relaxed time, but it often isn’t – especially when the money is tight. There are feasts to be planned and presents to be …
Featured news
Resources
Don't miss
- Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)
- LinkedIn now uses your data for AI by default, opt out now!
- Behind the scenes of cURL with its founder: Releases, updates, and security
- Product showcase: Exaforce – The full lifecycle AI SOC platform
- AI made crypto scams far more dangerous