If you’re on a red team or have been on the receiving end of a pen-test report from one, then you’ve almost...
Internet-connected devices in your home or office will be vulnerable to botnets and other attacks, if you don’t change the original login...
Group chat service HipChat made an announcement on its blog that their Security Intelligence Team detected a “vulnerability” in a third-party library...
A vulnerability in the Microsoft Edge browser can be exploited and allow an attacker to obtain a user’s password and cookie files...
A critical Microsoft Edge vulnerability allows an attacker to steal the cookies and password, as revealed by recent research with a PoC (proof of concept). This vulnerability discovered under...
One of the vulnerabilities used to spread the Stuxnet virus was 2016’s most popular exploit, according to telemetry data gathered by Russia...
A group of Israeli researchers has devised a new technique to exfiltrate data from a PC in an air-gapped network through malware controlled via scanners....
Microsoft recently fixed a vulnerability in its video chat and messaging app Skype that could have allowed an attacker to execute code...
Did script kiddies use DoublePulsar code released by NSA-leaking Shadow Brokers? Security experts believe that tens of thousands of Windows computers may...
The developer of the AES-NI ransomware claims that the recent “success” he’s been enjoying is due to the NSA exploits leaked last...
Cyber security experts disclosed the existence of 10 unpatched security flaws in dozens of Linksys routers widely used today. The IOActive senior...
WordPress vulnerable to Cross-Site Request Forgery in Connection Information – not yet fixed with the last update. WordPress is a free online...
Like many in the security industry, we’ve been busy investigating the implications of the Shadow Brokers leak, with the DOUBLEPULSAR payload in...
Code-execution flaw is triggered by plugging a booby-trapped USB into vulnerable PCs. One of the Microsoft Windows vulnerabilities used to spread the...
Sensors in phones running both iOS and Android reveal all kinds of sensitive info. Smartphones know an awful lot about us. They...
Spammers are spreading Java-based remote access Trojans, known as jRATs, targeting tax filers with attachments named “IRS Updates.jar” and “Important_PDF.jar” that, if executed, give...
This is the story of how I found and exploited XSS (content injection) in the pgAdmin4 1.3 desktop client. (Before I get...
Browsers such as Chrome, Firefox, and Opera are vulnerable to a new variation of an older attack that allows phishers to register...
The Callisto APT Group borrowed the source code leaked by hackers that broke into the Hacking Team network. According to F-Secure Labs, the Callisto APT...
Over the past six months, the roar of exploit kits has quieted to a whimper. But that doesn’t mean exploit kit threats are...
A bug dubbed Riddle vulnerability affecting MySQL 5.5 and 5.6 clients exposed user credentials to MiTM attacks. Update to version 5.7. A coding...