vulnerability
Bash “Shellshock” bug: Who needs to worry?
As expected, attackers have begun exploiting the GNU Bash “Shellshock” remote code execution bug (CVE-2014-6271) to compromise systems and infect them with …
Critical SSL flaw patched in Firefox, Thunderbird, Chrome
If you are a Mozilla Firefox, Thunderbird or Seamonkey user, you should implement the latest patches issued by the company as soon as possible, as they fix a critical bug …
Critical Bash bug opens Unix, Linux, OS X systems to attacks
The Bash “shellshock” flaw (CVE-2014-6271) was discovered last week by Unix/Linux specialist Stephane Chazelas, and its existence was made public on Wednesday. It …
Microsoft launches bug bounty program for Online Services
Microsoft has launched another bug bounty program, and this one will focus on its Online Services. Bug hunters are urged to submit vulnerabilities affecting the following …
Critical Android Browser bug threatens users’ privacy
Earlier this month, security researcher Rafay Baloch has released a proof-of-concept exploit that takes advantage of a vulnerability in an Android Browser’s security …
XSS bug allows Amazon account hijacking
A recurring XSS bug in Amazon’s Kindle Library, i.e. the “Manage your Kindle” web application, can be exploited by attackers looking to hijack users’ …
Google Apps scripts can be easily misused by scammers
Andrew Cantino, VP of Engineering at Mavenlink but also a bug hunter in his free time, has discovered that Google Apps Scripts can be misused by attackers to access …
DARPA is after vulnerabilities in algorithms implemented in software
The Defense Advanced Research Projects Agency (DARPA) is looking for new program analysis techniques and tools to enable analysts to identify vulnerabilities in algorithms …
Blackphone security issues and vulnerabilities unveiled
Blackphone, the carrier- and vendor-independent smartphone that was created with the goal of placing privacy and control directly in the hands of its users, is not without its …
Researchers compile list of Android apps that allow MitM attacks
Around 350 Android apps that can be downloaded from Google Play and Amazon stores fail to properly validate SSL certificates for HTTPS connections, and thus open users to …
Coursera privacy issues exposed
When well-known lawyer and Stanford law lecturer Jonathan Mayer was invited to teach a course on government surveillance on Coursera, the popular online website offering free …
Lessons learned from running 95 bug bounty programs
Large companies such as Google and Facebook have dedicated teams that review bug submissions, verify valid bugs and reward security researchers, but that can be time and …
Featured news
Resources
Don't miss
- Critical Wing FTP Server vulnerability exploited in the wild (CVE-2025-47812)
- Where policy meets profit: Navigating the new frontier of defense tech startups
- Four arrested in connection with M&S, Co-op ransomware attacks
- Ruckus network management solutions riddled with unpatched vulnerabilities
- What EU’s PQC roadmap means on the ground