Apache Solr RCEs with public PoCs could soon be exploited
Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has …
Phishing attempts increase 400%, many malicious URLs found on trusted domains
1 in 50 URLs are malicious, nearly one-third of phishing sites use HTTPS and Windows 7 exploits have grown 75% since January. A new Webroot report also highlights the …
vBulletin zero-day exploited in the wild in wake of exploit release
An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it …
Attackers are exploiting vulnerable WP plugins to backdoor sites
A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …
Google discovers websites exploiting iPhones, pushing spying implants en masse
Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and …
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs
Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure …
Microsoft sets up isolated environment for bug hunters to test attacks against Azure
Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, …
Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways
Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ …
Another Oracle WebLogic Server RCE under active exploitation
Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers …
Web-based DNA sequencers getting compromised through old, unpatched flaw
Unknown attackers are trying to exploit a vulnerability in dnaLIMS, a Web based bioinformatics laboratory information management system, to implant a bind shell into the …
Linux servers under attack via latest Exim flaw
It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected …
Malware peddlers hit Office users with old but reliable exploit
Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, …
Featured news
Sponsored
Don't miss
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints