Application Attacks Buffer Overflows Cross Site Scripting
- March 19, 2019
A critical WinRAR bug that was exposed after 19 years is already being exploited in targeted attacks in the Middle East and United States, despite the availability of a patch.
- February 25, 2019
A WinRAR bug that affects every version of the app over the past 19 years was discovered and patched. But it's unclear if the millions of the app's users will get the needed fix.
- October 22, 2018
A zero-day in jQuery File Upload could affect thousands of projects because the jQuery plugin vulnerability has existed for eight years and has been actively exploited for at least three years.
- October 15, 2018
The mystery around the Trend Micro apps that were removed from the Mac App Store continues despite Trend Micro's numerous updates on the matter.
- August 31, 2018
News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more.
- December 29, 2016
A bypass for the patch of a remote code execution vulnerability in the PHPMailer library prompted a second patch release for the popular library used by millions of websites.
- December 07, 2016
A malvertising campaign could put millions at risk of attack as the Stegano exploit kit is being delivered by this new method and is targeting unpatched systems.
- November 08, 2016
Researchers find widespread risk for users of apps with an insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.
- October 07, 2016
Security researchers said expired domains and abandoned SDKs could present a way to hide malicious activity targeting vulnerable mobile devices.
- October 04, 2016
Cisco Talos discovered a severe flaw in the JPEG 2000 image file-format parser -- which is often used in PDF documents -- that could allow remote code execution on affected systems.
- July 20, 2016
A critical flaw was discovered in the ASN.1 compiler used by leading telecommunications and networking vendors, and the extent of the vulnerability has yet to be determined.
- July 18, 2016
Responsible disclosure wins as researchers roll out branded website for 'httpoxy,' a set of vulnerabilities in server-side web apps that use the HTTP_PROXY variable.
- July 08, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss a new Google Project Zero report on yet another round of critical Symantec vulnerabilities.
- June 02, 2016
IBM reports 30 'bug poaching' cyber extortion attacks in the past year, as black hat hackers aim to "help" enterprises by exploiting SQL injection vulnerabilities.
- May 27, 2016
Researchers demonstrated an exploit that combines rare attacks on memory deduplication and Rowhammer in order to allow an adversary access to read or write system memory.