vulnerability
First Java zero-day in two years exploited by Pawn Storm hackers
Another zero-day vulnerability is being exploited in attacks spotted in the wild: this time, the targeted software is Java. The flaw was spotted by Trend Micro researchers, who …
Flaw allows hijacking of professional surveillance AirLive cameras
Nahuel Riva, a research engineer from Core Security, discovered vulnerabilities in AirLive’s surveillance cameras designed for professional surveillance and security …
Old MS Office feature can be exploited to deliver, execute malware
A Microsoft Office functionality that has been in use since the early 1990s can be exploited to deliver malicious, executable files to users without triggering widely used …
Researchers point out the holes in NoScript’s default whitelist
Security researchers Linus Särud and Matthew Bryant have recently discovered some pretty big holes in NoScript, a popular Firefox plugin that prevents executable web content …
Popular VPNs leak data, don’t offer promised privacy and anonymity
Virtual Private Network (VPN) services can be used for circumventing Internet censorship and accessing blocked content, but researchers warn that you shouldn’t believe …
Cisco finds, removes more default SSH keys on its software
Cisco has pushed out security updates to address two vulnerabilities in its Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content …
Deadly Windows, Reader font bugs can lead to full system compromise
“Even in 2015 – the era of high-quality mitigations and security mechanisms – one good bug still suffices for a complete system compromise,” Mateusz …
Instapaper for Android vulnerable to man-in-the-middle attacks
Bitdefender researchers have discovered that Android app Instapaper is vulnerable to man-in-the-middle attacks that could expose users’ signup/login credentials when logging …
Who fixes the most vulnerabilities?
Web and mobile applications produced or used by government organizations are more likely than those in other industries to fail standard security policies like the OWASP Top …
Critical RubyGems vulns can lead to installation of malicious apps
A serious vulnerability in RubyGems, a package manager for the Ruby programming language, can be exploited to trick end users into installing malware from attacker-controlled …
New Drupal versions fix admin account hijack flaw
New versions of popular open source content management system Drupal are out, and fix a series of vulnerabilities, including a critical one that can result in an attacker …
Why LinkedIn chose to keep its bug bounty program private
Bug bounty programs have become de rigueur for tech and Internet companies that want to improve the security of their products by (partly) outsourcing bug discovery. But while …