US accuses man of being 'elite' ransomware pioneer they've hunted for years | Authorities allege 'J.P. Morgan' practiced ‘extreme operational and online security’ | Cyber-crime | 13 Aug 2024 | 7
Exploit code for Palo Alto Networks zero-day now public | Race on to patch as researchers warn of mass exploitation of directory traversal bug | Security | 17 Apr 2024 | 3
Mozilla fixes $100,000 Firefox zero-days following two-day hackathon | Users may have to upgrade twice to protect their browsers | Security | 25 Mar 2024 | 9
Cyberattack gifts esports pros with cheats, forcing Apex Legends to postpone tournament | Updated: Virtual gunslingers forcibly became cheaters via mystery means | Cyber-crime | 18 Mar 2024 | 6
JetBrains TeamCity under attack by ransomware thugs after disclosure mess | More than 1,000 servers remain unpatched and vulnerable | Cyber-crime | 07 Mar 2024 | 11
Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure' | Updated: Exploits began within hours of the original disclosure, so patch now | Patches | 05 Mar 2024 | 37
Ivanti discloses fifth vulnerability, doesn't credit researchers who found it | Software company's claim of there being no active exploits also being questioned | Security | 09 Feb 2024 | 5
Fortinet's week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim | An orchestra of fails for the security vendor | Cyber-crime | 09 Feb 2024 | 6
Jenkins jitters as 45,000 servers still vulnerable to RCE attacks after patch released | Multiple publicly available exploits have since been published for the critical flaw | Security | 30 Jan 2024 | 2
Using GoAnywhere MFT for file transfers? Patch now – an exploit's out for a critical bug | Ancient path traversal exploit offers remote attackers admin access | Patches | 24 Jan 2024 | 1
Exploit for under-siege SharePoint vuln reportedly in hands of ransomware crew | It’s taken months for crims to hack together a working exploit chain | Cyber-crime | 12 Jan 2024 | 8
Infoseccers think attackers backed by China are behind Ivanti zero-day exploits | Customers currently left patchless while attacks are expected to increase | Cyber-crime | 11 Jan 2024 | 6
Critical Apache ActiveMQ flaw under attack by 'clumsy' ransomware crims | Over a week later and barely any patches for the 10/10 vulnerability have been applied | Cyber-crime | 02 Nov 2023 | 4
Critical vulnerability in F5 BIG-IP under active exploitation | Full extent of attacks unknown but telecoms thought to be especially exposed | Cyber-crime | 01 Nov 2023
Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit | Two years on and Microsoft refuses to address the issue | Research | 13 Oct 2023 | 11
Researcher bags two-for-one deal on Linux bugs while probing GNOME component | One-click exploit could potentially affect most major distros | Research | 10 Oct 2023 | 12
CISA adds latest Chrome zero-day to Known Exploited Vulnerabilities Catalog | Chrome’s second zero-day of the month puts fed security at 'significant risk' | Security | 03 Oct 2023
Security researchers believe mass exploitation attempts against WS_FTP have begun | Updated: Early signs emerge after Progress Software said there were no active attempts last week | Cyber-crime | 02 Oct 2023 | 14
Toyota admits to yet another cloud leak | infosec in brief: Also, hackers publish RaidForum user data, Google's $180k Chrome bug bounty, and this week's vulnerabilities | Security | 05 Jun 2023 | 6
Apple patches all the iThings, including iOS 15 hole under attack right now | Issue identified in February but owners of older kit weren't warned | Patches | 28 Mar 2023 | 11
China is likely stockpiling and deploying vulnerabilities, says Microsoft | Increase in espionage and cyberattacks since law requiring vulnerabilities first be reported to Beijing | Security | 07 Nov 2022 | 36
Solana, Phantom blame Slope after millions in crypto-coins stolen from 8,000 wallets | SOL holders literally S.O.L. | Cyber-crime | 04 Aug 2022 | 35
How a crypto bridge bug led to a $200m 'decentralized crowd looting' | Flash mob exploits Nomad's validation code blunder | Security | 02 Aug 2022 | 24
Cyber-mercenaries for hire represent shifting criminal business model | Emerging threat group offers a broad range of attack services | Security | 25 Jul 2022 | 9
Google tracked record 58 exploited-in-the-wild zero-day security holes in 2021 | Friends are always tellin' me, you're a user ... Just be good to free() | Security | 20 Apr 2022 | 14
CafePress fined for covering up 2019 customer info leak | Watchdog demands $500,000 after millions of people's info stolen and sold | Security | 16 Mar 2022 | 9
PrintNightmare: Kicking users from Pre-Windows 2000 legacy group may thwart domain controller exploitation | While Uncle Sam recommends shutting down print spooler service | Security | 01 Jul 2021 | 8
Check out this link! It's not like it'll crash your iPhone or anything (Hint: Of course it will) | A few lines of code that Apple's browser simply can't handle | Security | 17 Sep 2018 | 30
Russia's national vulnerability database is a bit like the Soviet Union – sparse and slow | By design, though, not... er, general rubbishness | Security | 17 Jul 2018 | 7
AAAAAAAAAA! You'll scream when you see how easy it is to pwn unpatched HPE servers | Curl request with 29 As and it's lights out for iLO 4 | Systems | 11 Jul 2018 | 38
Windows 10's defences are pretty robust these days, so of course folk are trying to break them | White and black hats tinker with XML .SettingContent-ms files as a method to deliver malware | Security | 05 Jul 2018 | 21
Vlad that's over: Remote code flaws in Schneider Electric apps whacked | Putin the patch, critical infrastructure firms warned | Security | 02 May 2018 | 11
Researchers slap SAP CRM with vuln combo for massive damage | Directory traversal + log injection = I can see your privates | Security | 15 Mar 2018
Johnny Hacker hauls out NSA-crafted Server Message Block exploits, revamps 'em | Yep, vulns of WannaCry infamy. Why haven't you patched yet? | Security | 31 Jan 2018 | 7
Text bomb, text bomb, you're my text bomb! Naughty HTML freezes Messages, Safari, etc | Apple font code on iOS, macOS knackered by texted link | Personal Tech | 19 Jan 2018 | 35
How are the shares, Bry? Intel chief cops to CPU fix slowdowns | Don't worry, Chipzilla is 'working tirelessly' to resolve the issue | Security | 09 Jan 2018 | 42
BoundHook: Microsoft downplays Windows systems exploit technique | It's just not a security vulnerability, says Redmond | Security | 18 Oct 2017 | 11
Have MAC, will hack: iThings have trivial-to-exploit Wi-Fi bug | Project Zero reveal you really shouldn't skip the upgrade to iOS 11 | Security | 27 Sep 2017 | 34
Ethereum-backed hackathon excavates more security holes | Smart contracts language easy to use and create exploits with | Security | 22 Sep 2017 | 6
Did ROPEMAKER just unravel email security? Nah, it's likely a feature | Exploit that changes content of messages after delivery found | Security | 23 Aug 2017 | 50
Fresh Microsoft Office franken-exploit flops – and you should have patched by now anyway | Updated: Exploit combo fails to dodge Word warning prompts | Security | 15 Aug 2017 | 15
CIA hacking dossier leak reignites debate over vulnerability disclosure | Spy agencies more interested in stockpiling bugs than closing the gaps | Security | 08 Mar 2017 | 23
Penguins force-fed root: Cruel security flaw found in systemd v228 | Opens door to privilege escalation attacks | OSes | 24 Jan 2017 | 99
Ooooh, that's NASty. Security-watchers warn over man-in-the-middle risk | Updated: Small flaws, but they add up | Security | 18 Jan 2017 | 6
This is your captain speaking ... or is it? | Updated: In-flight entertainment systems create hacker risk, say researchers | Security | 20 Dec 2016 | 62
Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars | Musk's lot better get on this | Security | 25 Nov 2016 | 47
Definitely not another Stuxnet, researchers claim as they demo industrial control rootkit | Black Hat EU: Undetectable ghost in the controller | Security | 08 Nov 2016 | 3
Hackers hustle to hassle un-patched Joomla! sites | If you didn't patch, you've probably been p0wned already | Security | 02 Nov 2016 | 3
App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it | Hardware vuln strikes 18 of 27 tested mobes | Security | 24 Oct 2016 | 57
US DNC hackers blew through SIX zero-days vulns last year alone | Most targets were individuals with Gmail addresses | Security | 20 Oct 2016 | 9
Boffins exploit Intel CPU weakness to run rings around code defenses | Branch buffer shortcoming allows hackers to reliably install malware on systems | Security | 20 Oct 2016 | 11
BT's Wi-Fi Extender works great – at extending your password to hackers | Got one of these gizmos? Patch its firmware ASAP | Security | 21 Sep 2016 | 18
Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again) | If you seek ... trojans | Security | 19 Jul 2016 | 15
Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge? DRAM, dude! | Rowhammer brings down secure browser | Security | 27 May 2016 | 17
Miscreants tripled output of proof of concept exploits in 2015 | Pastebin is for old hats. Cool black hats use Twitter now | Security | 05 May 2016 | 1
Researchers find hole in SIP, Apple’s newest protection feature | System Integrity Protection pwned | Security | 24 Mar 2016 | 14
How to evade Apple's anti-malware Gatekeeper in OS X and really ruin a fanboy's week | Need a better latch on that gate | Security | 01 Oct 2015 | 20
North Korea exploits 0-day in Seoul's favourite word processor | 'Macktruck' attack network sends in the 'Hangman' | Security | 10 Sep 2015 | 11
Hacking Team Flash exploit leak revealed lightning reflexes of malware toolkit crafters | Black Hat 2015: Less than 24 hours from release to attack | Security | 05 Aug 2015 | 9
Major web template flaw lets miscreants break out of sandboxes | Black Hat 2015: This type of injection is way worse than XSS | Security | 05 Aug 2015 | 10
VENOM virtual vuln proves less poisonous than first feared | Analysis: Potential deleterious effects more like a snakebite* than a snake bite | Channel | 14 May 2015 | 11