Andrew Leonov, a security researcher, discovered a critical remote execution bug on Facebook allowing him to breach the security of social media...
DAVScan is a quick and lightweight WebDAV scanner designed to discover hidden files and folders on DAV-enabled web servers. The scanner works...
The Shadow Brokers—a hacker or group of hackers that stole computer exploits from the National Security Agency—has been quiet for some time....
Emails tell victims they need to download an attachment to view “suspicious activity” – then infect them with ransomware. In the immediate...
Sundown EK fails to improve market share among fellow EKs. The Sundown exploit kit (EK), which has been trying to fill the void...
Exploiting server side bugs is a jackpot for hackers. Users tend to keep their data in one big pot – the server....
Extraordinary claim gets attention of security experts everywhere. In what security experts say is either a one-of-a-kind breach or an elaborate hoax, an...
Researchers claim they can stop malware before it executes. Black Hat EndGame vulnerability researchers Cody Pierce, Matt Spisak, and Kenneth Fitch have created...
Office exploit kit updates drop support for CVE-2012-0158. Two newer vulnerabilities targeting the Microsoft Office suite have become very popular in recent months,...
This post is aimed at those new to exploit development and wanting to understand the end-to-end process and types of techniques that...
We came across a family of mobile malware called Godless (detected as ANDROIDOS_GODLESS.HRX) that has a set of rooting exploits in its...
Selfrando is an alternative to ASLR memory randomization. At the start of June, the Tor Project released version 6.5a1 of the Tor Browser,...
How Chipzilla and Microsoft hope to get one step ahead of hackers. Intel is pushing a neat technique that could block malware infections...
Recorded Future’s real-time threat intelligence product allows analysts access to hundreds of thousands of sources that are normalized, organized, and searchable for...
Hostile JavaScript delivered through ads installs ransomware on older Android phones. An ongoing drive-by attack is forcing ransomware onto Android smartphones by exploiting...
Approach relies on already installed code, including widely used glibc library. New research into the “Rowhammer” bug that resides in certain types of...
David Harley, a senior research fellow at ESET, offers expert answers to six important questions that concern vulnerabilities, exploits and patches.
Timing attacks are an interesting part of computer security. As an extreme example, imagine that your computer took one second to verify...
This vulnerability was discovered by Rafal Wojtczuk and Corey Kallenberg; check the original white paper. Around one month ago, at the 31st Chaos Communication...
A massive uptick in malvertising has taken place over the last few years and is becoming so popular that it may become...
iOS and OS X the most vulnerable operating systems? Don't confuse vulnerabilities with exploits, or patch frequency with insecurity.