vulnerability
Old Adobe Flex SDK bug still threatens users of many high-profile sites
An old vulnerability affecting old releases of the Adobe Flex SDK compiler can be exploited to compromise user data of visitors to many popular sites, including three of most …
Flaw in Hilton Honors website left all customer accounts wide open
The discovery of a vulnerability in the Hilton HHonors website that could lead to account hijacking and information theft has put a temporary stop to Hilton Hotels & …
Cisco Small Business IP phones vulnerable to eavesdropping
Cisco has confirmed the existence of a flaw affecting its Small Business SPA 300 and 500 series IP phones that can be exploited by attackers to listen to the audio stream of …
WordPress plugin used by millions sports critical site-hijacking flaw
Another popular Yoast WordPress plugin has been found sporting a critical vulnerability that can be exploited by attackers to take over control of the site. A week ago it was …
Pinterest swaps T-shirts for money rewards in bug bounty program
After having migrated their online properties to HTTPS and having sorted out the main problems that arose from the move, Pinterest is ready to pay researchers for information …
Many Android and iOS apps still vulnerable to FREAK attacks
Your browser may no longer be vulnerable to FREAK attacks, but what about the mobile apps you use? According to FireEye researchers, who have tested the most popular apps both …
Search for vulnerable servers unearths weak, thousands-times repeated RSA keys
A group of researchers from the Information Security Group from Royal Holloway, University of London, wanted to see how many TLS servers still supported the weak, export-grade …
D-Link patches critical flaws in wireless range extender, Wi-Fi cameras firmware
D-Link has released new firmware for its DAP-1320 wireless range extender and the DCS-93xL family of Wi-Fi cameras in order to patch two critical vulnerabilities that can lead …
Critical hole in popular WordPress SEO plugin allows SQLi, site hijacking
Another highly popular WordPress plugin has been found sporting a cross-site request forgery flaw that can be exploited to mount a blind SQL injection attack, and could also …
Huge IT Slider WordPress plugin opens SQL injection hole
The 50,000+ active users of the Huge IT Slider WordPress plugin are advised to update to the latest version, as it closes a vulnerability that can be exploited by website …
Microsoft patches flaw exploited by Stuxnet – again
Among the vulnerabilities patched by Microsoft in this month’s Patch Tuesday is one that was supposedly patched back in 2010. The Windows Shell Shortcut Icon Loading …
Flaw in Dropbox SDK for Android lets attackers steal data sent to users’ account
Researchers from IBM’s security team have discovered an authentication flaw in the Dropbox Software Development Kit (SDK) for Android that can be exploited to capture …
Featured news
Resources
Don't miss
- Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703)
- 18 arrested in €300 million global credit card fraud scheme
- PortGPT: How researchers taught an AI to backport security patches automatically
- AI can flag the risk, but only humans can close the loop
- VulnRisk: Open-source vulnerability risk assessment platform