A presentation at Def Con 2018 last week revealed an unpatched vulnerability in macOS devices that can allow malware to bypass certain security checks using a technique that fakes user mouse clicks.
Joshua Adam Schulte has not yet been charged with leaking classified information but is being held in the Metropolitan Correctional Center in New York after being indicted for possession of child pornography.
Microsoft Corporation's Patch Tuesday release today fixed 67 bugs, including two that have been actively exploited in zero-day attacks, and another two whose details became public.
Tenable Security researchers have revealed a Zero Day flaw in two Schneider Electric industrial controller that if exploited could give an attacker an attack the ability to remotely execute code with high privileges.
Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.
Malicious actors kept busy late last year adding new weapons to their arsenal while placing others on the backburner as they attempted to profit from new honey holes like cryptocurrency mining and boosting the amount of old favorites like malspam.
An independent security researcher that goes by the handle Siguza revealed a local privilege escalation Zero Day in macOS that can be exploited by any unprivileged user.
APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.
Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.
Zero-day-acquisition firm Zerodium reported it will a total of $1 million for zero day exploits found for the Tor browser on Tails Linux and Windows.
Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure
The recently disclosed collection of "BlueBorne" vulnerabilities that were found to affect at least 5.3 billion Bluetooth-enabled devices has revealed several inconvenient truths about the short-range communications protocol, experts say.
The Zero Day Initiative is taking the makers of the Foxit free PDF reader to task for failing to fix two zero-day vulnerabilities that would allow a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The Shadow Brokers group that has been leaking alleged NSA hacking tools, is now threatening to launch a "Dump of the Month" service that will deliver more stolen tools and data to paying subscribers.
A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.
Researchers from Cybellum have discovered a 15-year-old code injection vulnerability and exploit technique that could allow attackers to maliciously take over antivirus programs and other software by abusing Microsoft's Windows Application Verifier debugging tool.
Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's imposed 90-day deadline.
Questions continue to swirl surround a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in a recent update to its anti-malware program XProtect.
WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthorized users to remotely modify a web page's content and change any post.
A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines that visited compromised URLs containing a special string of characters.
A hacker claims to have broken into the FBI's website and leaked data onto a Pastebin account, though the agency denies the claim.
Older versions of the code library PHPMailer contain a critical vulnerability that remote attackers can leverage to take over a web server account and compromise a targeted web application via arbitrary code execution.
Russian APT group Sofacy has upped the ante in its campaign to compromise organizations with its "DealersChoice" Flash Player exploit tool, even after Adobe patched a key Flash vulnerability that the tool was observed exploiting.
A new security report casts doubt on Microsoft's attempts to downplay a zero-day exploit used by the Russian APT group.