Attackers are exploiting vulnerable WP plugins to backdoor sites
A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …
Google discovers websites exploiting iPhones, pushing spying implants en masse
Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and …
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs
Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure …
Microsoft sets up isolated environment for bug hunters to test attacks against Azure
Microsoft has some very good news for bug hunters: not only has the company doubled the top bounty reward for vulnerabilities discovered in its Azure cloud computing service, …
Released: PoC for RCE flaw in Palo Alto Networks firewalls, gateways
Palo Alto Networks has silently patched a critical remote code execution vulnerability in its enterprise GlobalProtect SSL VPN, which runs on Palo Alto Networks’ …
Another Oracle WebLogic Server RCE under active exploitation
Oracle has released an out-of-band fix for CVE-2019-2729, a critical deserialization vulnerability in a number of versions of Oracle WebLogic Server, and is urging customers …
Web-based DNA sequencers getting compromised through old, unpatched flaw
Unknown attackers are trying to exploit a vulnerability in dnaLIMS, a Web based bioinformatics laboratory information management system, to implant a bind shell into the …
Linux servers under attack via latest Exim flaw
It didn’t take long for attackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149). Active campaigns One security enthusiast detected …
Malware peddlers hit Office users with old but reliable exploit
Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, …
If you haven’t yet patched the BlueKeep RDP vulnerability, do so now
There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target …
WhatsApp flaw used to install spyware by simply calling the target
A security vulnerability in the popular Facebook-owned end-to-end encrypted messaging app WhatsApp allowed attackers to install spyware on smartphones without any user …
High-risk vulnerability in Cisco’s secure boot process impacts millions of devices
Red Balloon Security has discovered a high-risk vulnerability in Cisco’s secure boot process which impacts a wide range of Cisco products in use among enterprise and …
Featured news
Resources
Don't miss
- Threat actors are scanning your environment, even if you’re not
- GoSearch: Open-source OSINT tool for uncovering digital footprints
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
- Top must-visit companies at RSAC 2025
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)