Please turn on your JavaScript for this page to function normally.
vBulletin
vBulletin zero-day exploited in the wild in wake of exploit release

An anonymous bug hunter has released a working and elegantly simple exploit for a pre-authentication remote code execution flaw (CVE-2019-16759) affecting vBulletin and it …

WordPress
Attackers are exploiting vulnerable WP plugins to backdoor sites

A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …

iPhone 8
Google discovers websites exploiting iPhones, pushing spying implants en masse

Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and …

SSL VPN
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs

Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure …

Microsoft Azure
Microsoft sets up isolated environment for bug hunters to test attacks against Azure

Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, …

Palo Alto Networks
Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways

Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ …

Oracle
Another Oracle WebLogic Server RCE under active exploitation

Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers …

DNA
Web-based DNA sequencers getting compromised through old, unpatched flaw

Unknown attackers are trying to exploit a vulnerability in dnaLIMS, a Web based bioinformatics laboratory information management system, to implant a bind shell into the …

World target
Linux servers under attack via latest Exim flaw

It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected …

email
Malware peddlers hit Office users with old but reliable exploit

Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, …

gap
If you haven’t yet patched the BlueKeep RDP vulnerability, do so now

There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target …

WhatsApp
WhatsApp flaw used to install spyware by simply calling the target

A security vulnerability in the popular Facebook-owned end-to-end encrypted messaging app WhatsApp allowed attackers to install spyware on smartphones without any user …

Don't miss

Cybersecurity news