vulnerability
WordPress vulnerable to yet another, still to be patched XSS flaw
The latest WordPress version (4.2, released on Thursday) and several earlier ones are vulnerable to a stored cross-site scripting (XSS) vulnerability that can be exploited to …
100,000 web shops open to compromise as attackers exploit Magento bug
A critical vulnerability found in Magento, the most popular content management system for e-commerce sites, is being exploited by hackers to get their hands on users’ …
WordPress issues critical security release
WordPress users should update as soon as possible, as the latest release (4.1.2) plugs a critical cross-site scripting vulnerability that could allow anonymous users to …
Microsoft announces bug bounties for Spartan, Azure
As the official launch of Windows 10 approaches, Microsoft has launched a new bug bounty related to its Technical Preview version, and is asking bug hunters to analyze its new …
Vulnerability management for over 15,000 unique apps
Tripwire announced at RSA Conference 2015 that its Tripwire IP360 solution now discovers more than 100,000 conditions, including vulnerabilities, configurations and operating …
Popular WordPress plugins vulnerable to XSS
At least 17 WordPress plugins – and likely even more of them – have been found vulnerable to cross-site scripting (XSS) flaws that could allow attackers to inject …
1,500 iOS apps sport flaw that allows interception of sensitive user data
A bug in an older version of AFNetworking, an open source library widely used for adding networking capabilities to iOS and OS X apps, can allow attackers to intercept and …
Apple’s fix didn’t close Rootpipe backdoor
When TrueSec researcher Emil Kvarnhammar discovered a privilege escalation bug affecting OS X that could allow attackers to gain complete control of the target’s Mac …
Attackers actively downing Microsoft’s IIS web servers
Attackers are actively exploiting a DoS vulnerability (CVE-2015-1635) affecting Microsoft’s Internet Information Services (IIS) extensible web server, SANS ISC CTO …
Exploit for crashing Minecraft servers made public
After nearly two years of waiting for Mojang to fix a security vulnerability that can be used to crash Minecraft servers, programmer Ammar Askar has released a proof of …
D-Link’s failed patch for DIR-890L router adds a new hole
Prolific hacker Craig Heffner, who has a particular interest in hacking embedded devices, has recently documented the existence of a command injection bug in the firmware of …
Cisco splats router bug that can lead to persistent DoS
Cisco has patched a vulnerability that affects Cisco ASR 9000 Series Aggregation Services Routers and can be exploited by a remote, unauthenticated attacker to effectively …
Featured news
Resources
Don't miss
- Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)
- June 2026 Patch Tuesday forecast: Where are the CVEs?
- AgentGG: Open-source agentic SAST scanner
- Thieves can pull off keyless car theft in under a minute and here’s how to stop them
- OAuth marketplace apps keep access after publishers vanish