Advantech WebAccess RCE flaw still exploitable, exploit code available
A vulnerability in Advantech WebAccess, a web browser-based software package for human-machine interfaces (HMI) and supervisory control and data acquisition (SCADA) systems, …
Windows zero-day flaw and PoC unveiled via Twitter
A Windows zero-day local privilege escalation flaw and a Proof-of-Concept exploit for it have been revealed on Monday by someone who goes by SandboxEscaper on Twitter. The …
PoC exploit for critical Apache Struts flaw found online
The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged …
Hacking smart plugs to enter business networks
McAfee researchers have discovered a buffer overflow flaw in Belkin’s Wemo Insight Smart Plug that can be exploited by attackers to access and interfere with other …
Should we add bugs to software to put off attackers?
A group of New York University researchers are testing a new approach to software security: adding more bugs to it instead of removing them. The idea is to “drown …
Compromised MikroTik routers power extensive cryptojacking campaign
A massive cryptojacking campaign that relies on compromised MikroTik routers serves users with pages injected with the Coinhive mining script. It seems that the attacker …
Cisco ASA and Firepower flaw exploited in the wild
A high-severity vulnerability affecting Cisco ASA and Firepower security appliances is being exploited in the wild after an exploit has been released online on Friday. …
Quantifying cyber exposure: Attackers are racing ahead
Cybercriminals have a median seven-day window of opportunity during which they can exploit a vulnerability to attack their victims, potentially siphoning sensitive data, …
New Drupal RCE vulnerability under active exploitation, patch ASAP!
Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is …
Hackers leverage flaw in Cisco switches to hit Russian, Iranian networks
The proof-of-concept exploit code for a vulnerability affecting many Cisco switches has been leveraged by vigilante hackers to mess with networks and data-centers in Russia …
Privilege escalation on Unix machines via plugins for text editors
Several of the most popular extensible text editors for Unix environments could be misused by attackers to escalate privileges on targeted systems, SafeBreach researchers have …
Microsoft kicks off bounty program for speculative execution bugs
Microsoft wants security researchers to search for and report speculative execution side channel vulnerabilities (a hardware vulnerability class that affects CPUs from …
Featured news
Resources
Don't miss
- Threat actors are scanning your environment, even if you’re not
- GoSearch: Open-source OSINT tool for uncovering digital footprints
- Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
- Top must-visit companies at RSAC 2025
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)