Attackers increasingly exploiting vulnerabilities to enlarge their IoT botnets
Attackers looking to add IoT devices to their botnets are increasingly adding vulnerability exploitation to their attack arsenal, Netscout researchers warn. Instead on just …
Adobe patches newly exploited Flash zero-day
Adobe has released an out-of-band security update for Flash Player that fixes two vulnerabilities, one of which is a zero-day (CVE-2018-15982) that has been spotted being …
VirtualBox Guest-to-Host escape 0day and exploit released online
Independent vulnerability researcher Sergey Zelenyuk has made public a zero-day vulnerability he discovered in VirtualBox, the popular open source virtualization software …
PoC exploit for Windows Shell RCE released
Here’s one more reason to hurry with the implementation of the latest Microsoft patches: a PoC exploit for a remote code execution vulnerability that can be exploited …
Popular TP-Link wireless home router open to remote hijacking
By concatenating a known improper authentication flaw with a newly discovered CSRF vulnerability, remote unauthenticated attackers can obtain full control over TP-Link …
Python-based attack tools are the most common vector for launching exploit attempts
Hackers have an obvious predilection for Python-based attack tools, says Imperva. “When examining the use of Python in attacks against sites we protect, the result was …
Advantech WebAccess RCE flaw still exploitable, exploit code available
A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, …
Windows zero-day flaw and PoC unveiled via Twitter
A Windows zero-day local privilege escalation flaw and a Proof-of-Concept exploit for it have been revealed on Monday by someone who goes by SandboxEscaper on Twitter. The …
PoC exploit for critical Apache Struts flaw found online
The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged …
Hacking smart plugs to enter business networks
McAfee researchers have discovered a buffer overflow flaw in Belkin’s Wemo Insight Smart Plug that can be exploited by attackers to access and interfere with other …
Should we add bugs to software to put off attackers?
A group of New York University researchers are testing a new approach to software security: adding more bugs to it instead of removing them. The idea is to “drown …
Compromised MikroTik routers power extensive cryptojacking campaign
A massive cryptojacking campaign that relies on compromised MikroTik routers serves users with pages injected with the Coinhive mining script. It seems that the attacker …
Featured news
Resources
Don't miss
- The overlooked risks of poor data hygiene in AI-driven organizations
- How to customize Safari for private browsing on iOS
- Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)
- Swap EOL Zyxel routers, upgrade Netgear ones!
- Crypto-stealing iOS, Android malware found on App Store, Google Play