A proof-of-concept for a severe PHP exploit could allow remote code execution on several content management platforms, including Typo3 and WordPress.
Multiple versions of cardiovascular imaging and information management software from Philips have been found to contain vulnerabilities that could lead to escalated privileges and arbitrary code execution.
Cybercriminals may soon be able to target entire power grids without using Stuxnet-like malware to infiltrate critical infrastructure.
US-Cert announced updates and patch releases for VMware, Samba, Internet Key Exchange, and the Linux kernel to address a host of vulnerabilities.
A presentation at Def Con 2018 last week revealed an unpatched vulnerability in macOS devices that can allow malware to bypass certain security checks using a technique that fakes user mouse clicks.
Check Point researchers discovered a new attack surface for Android applications that leverages external storage, dubbed Man-in-the-Disk attacks.
Adobe today issued updates for Acrobat and Reader, Flash Player, Experience Manager, and the Cloud Desktop Application, collectively fixing 11 vulnerabilities, two of them critical.
The U.S. Marine Corps, in conjunction with HackerOne, kicked off its bug bounty program at Black Hat last week with 100 hackers participating in a nine-hour hackathon against various public-facing Marine Corps websites.
Hacking some voting equipment is evidently child's play; at least, that was the result of a program run during Def Con's Voting Village in which 35 kids were able to access replicas of six secretary of state websites, one within just 10 minutes.
Harsh words were directed last week by the organizers of the Def Con Voting Village at one of the primary election voting machine manufacturers and the National Association of Secretaries of State (NASS), after the organizers had eager show attendees spend time attempting to find flaws in 30 voting machines that are in active use.
VMware this week updated its Horizon 6, Horizon 7 and Horizon Client for Windows solutions to fix an important out-of-bounds read vulnerability in the Message Framework library.
Some of the biggest players who worked behind the scenes during the run-up to the Jan. 3 disclosure of Meltdown and Spectre came together at Black Hat 2018 to discuss what their companies, and others, did after the vulnerabilities first became known.
Hackers could exploit the very things that ensure privacy and provide authentication between devices, apps, and clouds: encryption and digital certificates.
A team of researchers yesterday disclosed 22 vulnerabilities in OpenEMR, a widely used medical practice management software program that supports electronic medical records, including a portal authentication bypass flaw that could have allowed users to access random patient records.
The Mozilla Foundation has released the latest version of its Thunderbird email client, fixing 14 security vulnerabilities along the way, including five critical ones, three of which can result in a potentially exploitable crash.
A vulnerability report posted last Wednesday on the HackerOne bug bounty platform reveals that code from Monero's cryptocurrency wallet contained a critical flaw that attackers could exploit to steal directly from digital coin exchanges.
Mingw-w64, a 2005 update of the open-source MinGW software development environment for Windows applications, has been found to produce executables that are incompatible with ASLR, a technology that reduces the effectiveness of malicious shellcode.
The program is private, and those who have been invited to participate have been instructed to focus on firmware-level vulnerabilities.
Students from Graz University of Technology have shown a proof of concept for an attack called NetSpectre, which is based on a Spectre variant 1 attack, but can be executed remotely with no local code execution on the target system. However, industry insiders believe this particular attack is too impractical to pull off.
Symantec's ID theft prevention subsidiary LifeLock suffered from some embarrassing optics on Wednesday after it was reported that an error in its e-marketing unsubscribe process left the email addresses of its customers exposed to potential data theft and tampering.
U.S. CERT issued an advisory note warning that Bluetooth firmware or operating system software drivers are missing a required cryptographic step, enabling man-in-the-middle attacks to take place.
An apparent botnet comprised of more than 3,000 separate source IPs generated a large, sudden spike in exploit attacks on July 19, targeting D-Link 2750B and certain Dasan GPON (Gigabit Passive Optical Network) small and home office routers.