Reputed North Korean APT group TEMP.Reaper, the alleged culprit behind a zero-day ROKRAT malware campaign leveraging Adobe Flash Player vulnerability CVE-2018-4878, has been expanding its global target list despite remaining largely under the radar, according to a new FireEye research report.
Malicious actors kept busy late last year adding new weapons to their arsenal while placing others on the backburner as they attempted to profit from new honey holes like cryptocurrency mining and boosting the amount of old favorites like malspam.
An independent security researcher that goes by the handle Siguza revealed a local privilege escalation Zero Day in macOS that can be exploited by any unprivileged user.
APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.
Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.
Zero-day-acquisition firm Zerodium reported it will a total of $1 million for zero day exploits found for the Tor browser on Tails Linux and Windows.
Bluetooth ache: Protocol's security not sufficiently researched, experts claim after 'BlueBorne' disclosure
The recently disclosed collection of "BlueBorne" vulnerabilities that were found to affect at least 5.3 billion Bluetooth-enabled devices has revealed several inconvenient truths about the short-range communications protocol, experts say.
The Zero Day Initiative is taking the makers of the Foxit free PDF reader to task for failing to fix two zero-day vulnerabilities that would allow a remote attacker to execute arbitrary code on vulnerable installations of Foxit Reader.
The Shadow Brokers group that has been leaking alleged NSA hacking tools, is now threatening to launch a "Dump of the Month" service that will deliver more stolen tools and data to paying subscribers.
A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.
Researchers from Cybellum have discovered a 15-year-old code injection vulnerability and exploit technique that could allow attackers to maliciously take over antivirus programs and other software by abusing Microsoft's Windows Application Verifier debugging tool.
Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's imposed 90-day deadline.
Questions continue to swirl surround a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in a recent update to its anti-malware program XProtect.
WordPress last week silently patched a high-severity zero-day vulnerability that can allow unauthorized users to remotely modify a web page's content and change any post.
A vulnerability in Cisco's WebEx Chrome extension reportedly could have allowed adversaries to remotely execute code on machines that visited compromised URLs containing a special string of characters.
A hacker claims to have broken into the FBI's website and leaked data onto a Pastebin account, though the agency denies the claim.
Older versions of the code library PHPMailer contain a critical vulnerability that remote attackers can leverage to take over a web server account and compromise a targeted web application via arbitrary code execution.
Russian APT group Sofacy has upped the ante in its campaign to compromise organizations with its "DealersChoice" Flash Player exploit tool, even after Adobe patched a key Flash vulnerability that the tool was observed exploiting.
A new security report casts doubt on Microsoft's attempts to downplay a zero-day exploit used by the Russian APT group.
Microsoft and Adobe released security updates this Patch Tuesday which patched several critical vulnerabilities.
Ten days after privately disclosing an actively exploited, critical Windows vulnerability to Microsoft Corporation, Google's Threat Analysis Group went public with the flaw, despite the lack of a patch.
Microsoft today issued 10 bulletins covering 45 vulnerabilities, including 5 zero days for this month's Patch Tuesday update, the first using the company's new update methodology.