Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Joomla exploit doing rounds, users advised to update

Users who run their sites own sites and use the Joomla CMS but haven’t updated it in a while should do so immediately if they don’t want to see their sites …

Tor users targeted with spyware following anonymous Web-host shutdown

The news that the alleged owner of Freedom Hosting, the internet host for a great number of Tor hidden services, has been arrested and is accused of distributing and promoting …

McAfee ePolicy Orchestrator exploitation tool

US-CERT’s latest advisory focuses on an exploit tool for McAfee ePolicy Orchestrator. The tool targets two vulnerabilities found in ePO versions 4.6.5 and earlier. In …

POC code for critical Android bug published

Last week, researchers from Bluebox Security have made a disconcerting revelation: Google’s Android mobile OS carries a critical bug that allows attackers to modify the …

Malwarebytes acquires ZeroVulnerabilityLabs

Malwarebytes, a provider of anti-malware software, announced the acquisition of ZeroVulnerabilityLabs, a vulnerability, exploit and security research and development firm …

F-Secure advances fight against exploits

Exploitation of software vulnerabilities has become one of the most popular ways to gain access to users’ machines, but F-Secure is reinforcing its exploit defenses with …

Rogue employees, malware exploits and unauthorized software

While IT security professionals recognize the threat posed by unwitting employees, many still admit to allowing administrative privileges to go unmanaged, making organizations …

Google researcher publishes Windows 0-day exploit

Less than two weeks after Google researcher Tavis Ormandy released information about a new Windows zero-day vulnerability on the Full Disclosure mailing list and asked for …

Google defines disclosure timeline for actively exploited bugs

The debate regarding responsible vulnerability disclosure and full vulnerability disclosure has been started many times in the past, and it’s an issue that will continue …

Ruby on Rails bug is being exploited in the wild, researcher warns

Administrators of servers running Ruby on Rails are advised once again to upgrade to the latest versions of the framework (3.2.11, 3.1.10, 3.0.19, and 2.3.15), as a …

Microsoft releases Fix it for critical IE8 0-day

Microsoft has released a one-click Fix it for mitigating the effect of the IE 8 zero-day vulnerability that is being used in watering hole attacks in the wild. Given that a …

Multi-stage exploit attacks for more effective malware delivery

Most drive-by exploit kits use a minimal exploit shellcode that downloads and runs the final payload. This is akin to a two-stage ICBM (InterContinental Ballistic Missile) …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools