Please turn on your JavaScript for this page to function normally.
Yelp
Yelp makes its bug bounty program public

After two years of keeping their bug bounty program private and relatively secret, Yelp is opening it up and has invited bug hunters to probe its sites, apps, and …

Car
Vulnerabilities found in cars connected to smartphones

Many of today’s automobiles leave the factory with secret passengers: prototype software features that are disabled but that can be unlocked by clever drivers. In what …

D-Link NAS
XSS flaw in D-Link NAS devices allows attackers to mess with your data

Security researcher Benjamin Daniel Mussler has unearthed an XSS flaw affecting seven D-Link NAS devices – a flaw which could allow attackers to access the devices and …

Apple iOS 9
Apple plugs three actively exploited iOS zero-days

Owners of Apple’s mobile devices are advised to upgrade to iOS version 9.3.5 as soon as possible, as it fixes three zero-day vulnerabilities actively exploited in the …

rings
Mail.ru, Funcom gaming forums hacked, user databases stolen

Vulnerabilities in older versions of the popular vBulletin Internet forum software are being exploited left and right, and data of millions of forum users is being pilfered …

radio mast
Hackers can easily take over cellphone towers, researchers found

Zimperium researchers have unearthed three critical vulnerabilities in widely used software running on base transceiver stations (BTS), i.e. the equipment that makes cellphone …

GnuPG
18-year-old random number generator flaw fixed in Libgcrypt, GnuPG

Researchers have discovered a “critical security problem” that affects all versions of the Libgcrypt cryptographic library and, therefore, all versions of the …

Sn1per
Sn1per: Automated pentest recon scanner

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. “I originally created Sn1per because I didn’t want …

Rockwell Automation's MicroLogix 1400
Bug in Rockwell’s PLCs allows attackers to modify firmware

There is an undocumented SNMP community string in Rockwell Automation’s MicroLogix 1400 programmable logic controllers that can be exploited by attackers to remotely …

https
Proxy authentication flaw can be exploited to crack HTTPS protection

Mistakes made in the implementation of proxy authentication in a variety of operating systems and applications have resulted in security vulnerabilities that allow MitM …

Attackers can hijack unencrypted web traffic of 80% of Android users

The recently revealed security bug (CVE-2016-5696) in the TCP implementation in the Linux kernel that could allow attackers to hijack unencrypted web traffic without an MitM …

Dota 2
Dota 2 Dev forum breached, nearly 2 million users affected

A hacker has breached the official Dota 2 Dev forum and made off with the entire forum database, which contains email addresses, usernames, IP addresses, and salted password …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released whent there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools