Zeljka Zorz
Critical RCE 0day in Apache Log4j library exploited in the wild (CVE-2021-44228)
A critical zero-day vulnerability in Apache Log4j (CVE-2021-44228), a widely used Java logging library, is being leveraged by attackers in the wild – for now, …
Vulnerabilities in Eltima SDK affect popular cloud desktop and USB sharing services
SentinelOne researchers have unearthed a number of privilege escalation vulnerabilities in Eltima SDK, a library used by many cloud desktop and USB sharing services like …
QNAP NAS devices targeted by new bitcoin miner
Unsecured QNAP NAS devices are getting covertly saddled with a new bitcoin miner, QNAP has warned users. “Once a NAS is infected, CPU usage becomes unusually high where …
It’s time to patch your SonicWall SMA 100 series appliances again!
SonicWall has fixed a handful of vulnerabilities affecting its SMA 100 series appliances and is urging organizations to implement the patches as soon as possible. Although …
Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)
A vulnerability (CVE-2021-44515) in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to server running the vulnerable software. About …
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
300.000+ users downloaded malware droppers from Google Play
Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play. They did it by employing a …
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Small businesses urged to protect their customers from card skimming
With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming …
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What …
How to find hidden spy cameras with a smartphone
Researchers from the National University of Singapore and Yonsei University in South Korea have devised a mobile application that uses smartphones’ time-of-flight (ToF) …
Malicious Python packages employ advanced detection evasion techniques
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …
Featured news
Resources
Don't miss
- Google fixes actively exploited Chrome zero-day vulnerability (CVE-2025-10585)
- LinkedIn now uses your data for AI by default, opt out now!
- Behind the scenes of cURL with its founder: Releases, updates, and security
- Product showcase: Exaforce – The full lifecycle AI SOC platform
- AI made crypto scams far more dangerous