A Google security researcher has published proof-of-concept code for a vulnerability that can be exploited remotely via a WiFi connection to take over iPhone 7 handsets.
A team of three scientists from Columbia University has discovered that by attacking the combo of hardware and software management utilities embedded with modern chipsets, threat actors can take over systems via an attack surface found in almost all modern electronic devices.
Zerodium, a company that buys exploits to sell to government agencies, is offering up to $1 million for zero-days affecting the Tor Browser.
Embedi, a hardware security firm, has published details about two vulnerabilities that have yet to be patched in the firmware of D-Link routers. This marks the second incident of this sort in the last five days.
Security researchers have discovered eight vulnerabilities — codenamed collectively as BlueBorne — in the Bluetooth implementations used by over 5.3 billion devices.
Cisco has initiated a mass security audit of all its products that incorporate a version of the Apache Struts framework, recently affected by a series of vulnerabilities, one of which is under active exploitation.
South Korean security researcher Pierre Kim has published details about ten vulnerabilities he discovered in the firmware of D-Link DIR 850L routers.
Mobile security experts from Palo Alto Networks have detailed a new attack on Android devices that uses "Toast" notifications to help malware in obtaining admin rights or access to Android's Accessibility service — often used to take over users' smartphones.
Malware developers can abuse a programming error in the Windows kernel to prevent security software from identifying if, and when, malicious modules have been loaded at runtime.
An estimated 65% of Fortune 100 companies could be vulnerable to a security bug discovered in Apache Struts, a popular Java MVC framework used in the development of many top-grade enterprise applications.
An attacker can downgrade components of the Android TrustZone technology to older versions that feature known vulnerabilities and use older exploits against smartphones running an up-to-date operating system.