vulnerability
![Broken glass](https://img.helpnetsecurity.com/wp-content/uploads/2015/12/09195722/glass-262105_1920-400x200.jpg)
Researchers release PoC exploit for broken IBM Java patch
Polish firm Security Explorations has had enough of broken patches for security vulnerabilities it has reported to vendors. On Monday, the company’s CEO Adam Gowdiak has …
![Bug](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09195248/bug-400x200.jpg)
Microsoft plugs online services account hijacking vulnerability
London-based security researcher and bug hunter Jack Whitton has discovered a serious cross-site request forgery flaw affecting Microsoft’s authentication system for …
![vault](https://img.helpnetsecurity.com/wp-content/uploads/2016/04/09113326/vault-400x200.jpg)
Update your ManageEngine Password Manager Pro ASAP!
Security researcher Sebastian Perez has revealed eight serious security vulnerabilities in ManageEngine Password Manager Pro (PMP), a password management software for …
![usa passport](https://img.helpnetsecurity.com/wp-content/uploads/2016/04/09113315/usa-passport-400x200.jpg)
US passport and visa database open to intrusion?
The Consular Consolidated Database (CCD), which contains over 290 million passport-related records, 184 million visa records, and 25 million records on US citizens living …
![Security](https://img.helpnetsecurity.com/wp-content/uploads/2015/12/09195724/security-265130_1280-1-400x200.jpg)
PHP, Python still fail to spot revoked TLS certificates
In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: …
![Red door](https://img.helpnetsecurity.com/wp-content/uploads/2016/01/09195306/door_red-400x200.jpg)
Flaw in HID door controllers lets attackers unlock doors, deactivate alarms
Trend Micro researcher Ricky Lawshae has unearthed a critical vulnerability in HID’s VertX and Edge door controllers. Exploiting the flaw is easy, and could result in …
![iPhone](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113337/ios-sidestepper-400x200.jpg)
SideStepper vulnerability can be used to install malicious apps on iOS
Check Point researchers have identified SideStepper, a vulnerability that can be used to install malicious apps on iPhones and iPads to steal login credentials and sensitive …
![Steam](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113345/steam-1-400x200.jpg)
Student bypasses Valve’s review process, publishes game on Steam
Sometimes the only way to get an organization to listen to you when it comes to existing vulnerabilities in their products is to exploit them yourself and make the proof of …
![Pyxis SupplyStation system](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113347/pyxis-supplystation-system-400x200.png)
1,400+ vulnerabilities found in automated medical supply system
Security researchers have discovered 1,418 vulnerabilities in CareFusion’s Pyxis SupplyStation system – automated cabinets used to dispense medical supplies …
![AT&T IoT report](https://img.helpnetsecurity.com/wp-content/uploads/2016/02/09194243/att-iot-report-400x200.jpg)
Commonly used IoT devices vulnerable to privacy theft
A technical investigation by Bitdefender has discovered that four commonly used Internet of Things (IoT) consumer devices are vulnerable to attack. The analysis reveals that …
![earth](https://img.helpnetsecurity.com/wp-content/uploads/2016/07/09111449/earthspace-400x200.jpg)
Security and privacy issues in QQ Browser put millions of users at risk
Citizen Lab researchers identified security and privacy issues in QQ Browser, a mobile browser produced by China-based Tencent, which may put millions of users of the …
![Apple](https://img.helpnetsecurity.com/wp-content/uploads/2016/03/09113415/apple-1-400x200.jpg)
OS X zero day bug allows hackers to bypass system integrity protection
An OS X zero day vulnerability could allow attackers to bypass System Integrity Protection, Apple’s newest protection feature, and to escalate their privileges, simplifying …