Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2.
The XCSSET suite of malware also hijacks browsers, has a ransomware module and more — and uses a pair of zero-day exploits.
Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between August 7 and August 14. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are […]
Check Point security researchers have identified a series of vulnerabilities that open the gate for a variety of attacks targeting Alexa, Amazon’s virtual assistant.
A newly discovered piece of malware designed to target macOS systems spreads through Xcode projects and exploits what researchers have described as two zero-day vulnerabilities.
Microsoft scheduled updates for this month are out. With Patch Tuesday August, Microsoft fixed over a hundred security vulnerabilities including
Microsoft August Patch Tuesday Addressed 120 Bugs With Two Zero-Days on Latest Hacking News.
The cross-site scripting flaw could enable arbitrary code execution, information disclosure – and even account takeover.
A potentially serious cross-site scripting (XSS) vulnerability affecting the TinyMCE rich text editor can be exploited — depending on the implementation — for privilege escalation, obtaining information, or account takeover.
FireEye this week announced that its Bugcrowd-powered bug bounty program has become public, for all registered researchers to participate.
Researchers disclosed flaws in Amazon Alexa that could allow attackers to access personal data and install skills on Echo devices.