The exploitation of a very dangerous Drupal vulnerability has started after the publication of proof-of-concept (PoC) code.
A security researcher has ported three leaked NSA exploits to work on all Windows versions released in the past 18 years, starting with Windows 2000.
A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser.
Embedi, a hardware security firm, has published details about two vulnerabilities that have yet to be patched in the firmware of D-Link routers. This marks the second incident of this sort in the last five days.
Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.
A Fortinet report released this week highlights the importance of keeping secure systems up to date, or at least a few cycles off the main release, albeit this is not recommended, but better than leaving systems unpatched for years.
A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files.
A malware developer using the pseudonym of Cehceny is currently advertising a new exploit kit on underground hacking forums.
Thai security researcher Worawit Wang has put together an exploit based on ETERNALSYNERGY that can also target newer versions of the Windows operating system.
On July 7, French domain registrar Gandi lost control over 751 customer domains, which had their DNS records altered to point incoming traffic to websites hosting exploits kits.
A group of security researchers have set up a Patreon page to raise funds necessary to buy their way into the first batch of monthly exploit the Shadow Brokers promised on Tuesday.
One of the vulnerabilities used to spread the Stuxnet virus was 2016's most popular exploit, according to telemetry data gathered by Russia cyber-security firm Kaspersky Labs.
A new ransomware called CryptoLuck has been discovered being distributed via the RIG-E exploit kit. This ransom also utilizes an interesting method of infecting a victim through the legitimate GoogleUpdate.exe executable and DLL hijacking.
Today Apple released numerous security updates that resolve a total of 142 vulnerabilities in their iOS, watchOS, OSX, iTunes, and Safari products. Some vulnerabilities are the same throughout various Apple products if they share a similar codebase.
Today just as Adobe released a giant update for Flash and Reader that resolves numerous critical vulnerabilities, TrendMicro announced that they have discovered another new unpatched zero-day exploit in Flash. This exploit is actively being used by attackers in spear-phising emails against several Ministries of Foreign affairs.
A new vulnerability has been disclosed for the QTS operating system used by QNAP storage devices. This vulnerability allows remote OSX users to potentially read and write arbitrary files on a QNAP device through the Apple Filing Protocol (AFP).