Zeljka Zorz
Microsoft pushes out patches for critical Flash Player vulnerabilities
Microsoft has skipped its February 2017 Patch Tuesday and postponed the release of those patches for March, but there are apparently security vulnerabilities that must be …
Detecting PLC malware in industrial control systems
How can attackers load programmable logic controllers (PLC) with destructive malware, and how can the operators of industrial control systems (ICS) detect it? According to a …
How IDF soldiers’ phones got turned into spying devices
For many months now, an unknown threat actor has been tricking servicemen in the Israel Defense Forces (IDF) into installing Android spyware. Israeli media says that the …
The dangers that come with buying pre-owned IoT devices
When you buy a second-hand connected car, can you be sure that it is not still not reachable by its former owner? Similarly, when you sell your own connected car, how can you …
Magento-based online shops hit with self-healing malware
Administrators of e-commerce sites running on the open source platform Magento would do well to check their database for triggers with suspicious SQL code, warns Willem de …
Insecure car-controlling Android apps are a boon for car thieves
Being an expensive thing, a car requires an approach to security that is no less meticulous than that of a bank account. Yet, car manufacturers are infinitely more interested …
Qualys app for IBM QRadar offers critical insight into key vulnerability metrics
At RSA Conference 2017, Qualys launched a new Qualys App for the IBM QRadar Security Intelligence Platform, which allows customers to visualize their network IT assets and …
Hacker breached 60+ unis, govt agencies via SQL injection
A hacker tied to the November 2016 penetration of the US Election Assistance Commission and subsequent database sale has successfully targeted 60+ government agencies and …
Secure messaging app Wickr opens core crypto protocol to review
Wickr, the San Francisco-based company that’s behind the secure ephemeral messaging app of the same name, has published the core crypto protocol powering both the …
Yahoo notifies more users of malicious account activity
Yahoo has sent out another round of account compromise notifications, warning users that hackers may have accessed their accounts by using forged cookies instead of passwords. …
Researchers bypass ASLR protection with simple JavaScript code
A group of researchers from the Systems and Network Security Group at VU Amsterdam have discovered a way to bypass address space layout randomization (ASLR) protections of …
XAgentOSX Mac malware linked to Russian hacking group
Researchers have discovered and analyzed a new piece of Mac malware that is believed to be used by the Sofacy (aka Fancy Bear, aka Pawn Storm, aka APT28) hacking group. …
Featured news
Resources
Don't miss
- Google patches actively exploited Chrome (CVE‑2025‑6554)
- Federal Reserve System CISO on aligning cyber risk management with transparency, trust
- How cybercriminals are weaponizing AI and what CISOs should do about it
- How analyzing 700,000 security incidents helped our understanding of Living Off the Land tactics
- CitrixBleed 2 might be actively exploited (CVE-2025-5777)