About the Flash zero-day currently exploited in the wild
The zero-day Flash Player vulnerability (CVE-2018-4878) that Adobe warned about on Thursday was leveraged by North Korean hackers. FireEye calls the group TEMP.Reaper and …
AutoSploit: Automated mass exploitation of remote hosts using Shodan and Metasploit
A “cyber security enthusiast” that goes by VectorSEC on Twitter has published AutoSploit, a Python-based tool that takes advantage of Shodan and Metasploit modules …
IoT malware targeting zero-day vulnerabilities
Once it became evident that IoT devices can be relatively easily enslaved in botnets and that even their limited power can be used for a variety of nefarious purposes, it was …
PyCryptoMiner ropes Linux machines into Monero-mining botnet
A Linux-based botnet that has been flying under the radar has earned its master at least 158 Monero (currently valued around $63,000). The malware The botnet is based on a …
Spoofed IRS notice delivers RAT through link updating trick
The malware delivery trick involving updating links in Word documents is apparently gaining some traction: the latest campaign to use it likely takes the form of fake emails …
Easily exploitable Apache Struts vulnerability opens businesses to attack
A critical vulnerability in Apache Struts, a popular open source framework for developing web applications, opens any server running an app built using it to remote attackers. …
Attackers turn to auto-updating links instead of macros to deliver malware
SANS ISC handler Xavier Mertens has flagged and analyzed a malicious Word file that, somehow, is made to automatically download an additional malicious RTF file, ultimately …
Researchers pull off DNA-based malicious code injection attack
Researchers have demonstrated that it’s possible to create synthetic DNA strands containing malicious computer code that, if sequenced and analyzed, could compromise a …
Attackers are taking over NAS devices via SambaCry flaw
A Samba remote code execution flaw patched in May is being exploited to compromise IoT devices running on different architectures (MIPS, ARM, PowerPC, etc.), Trend Micro …
Stack Clash bug could give root privileges to attackers on Unix, Linux systems
Qualys researchers have unearthed a serious privilege escalation bug affecting a wide variety of Unix and Unix-based operating systems, and has been working with vendors to …
How the CIA hacked wireless home routers
For many years, the CIA has had the capability to compromise a wide range of commercial wireless routers, and to monitor, control and manipulate the traffic passing through …
Joomla users: Update immediately to kill severe SQLi vulnerability
Version 3.7 of Joomla, pushed out less than a month ago, opens websites to SQL injection attacks, Sucury Security researchers have found. As explained by researcher …
Featured news
Resources
Don't miss
- Quantifying cyber risk strategies to resonate with CFOs and boards
- Top 5 threats keeping CISOs up at night in 2025
- CISOs, are your medical devices secure? Attackers are watching closely
- Cybersecurity classics: 10 books that shaped the industry
- NIST selects HQC as backup algorithm for post-quantum encryption