Application Attacks Buffer Overflows Cross Site Scripting
- December 29, 2016
A bypass for the patch of a remote code execution vulnerability in the PHPMailer library prompted a second patch release for the popular library used by millions of websites.
- December 07, 2016
A malvertising campaign could put millions at risk of attack as the Stegano exploit kit is being delivered by this new method and is targeting unpatched systems.
- November 08, 2016
Researchers find widespread risk for users of apps with insecure OAuth implementation, which could lead to attackers being able to access the data held within a vulnerable app.
- October 07, 2016
Security researchers said expired domains and abandoned SDKs could present a way to hide malicious activity targeting vulnerable mobile devices.
- October 04, 2016
Cisco Talos discovered a severe flaw in the JPEG 2000 image file-format parser -- which is often used in PDF documents -- that could allow remote code execution on affected systems.
- July 20, 2016
A critical flaw was discovered in the ASN.1 compiler used by leading telecommunications and networking vendors, and the extent of the vulnerability has yet to be determined.
- July 18, 2016
Responsible disclosure wins as researchers roll out branded website for 'httpoxy,' a set of vulnerabilities in server-side web apps that use the HTTP_PROXY variable.
- July 08, 2016
In this Risk & Repeat podcast, SearchSecurity editors discuss a new Google Project Zero report on yet another round of critical Symantec vulnerabilities.
- June 02, 2016
IBM reports 30 'bug poaching' cyber extortion attacks in the past year, as black hat hackers aim to "help" enterprises by exploiting SQL injection vulnerabilities.
- May 27, 2016
Researchers demonstrated an exploit that combines rare attacks on memory deduplication and Rowhammer in order to allow an adversary access to read or write system memory.
- May 19, 2016
The ImageTragick bug raises questions over responsible disclosure, as the flaw in the ImageMagick image-processing library exposes millions of websites to remote code execution.
- March 16, 2016
A security researcher reports Oracle's 30-month-old failed patch for a Java vulnerability, and experts suggest it was an irresponsible disclosure, despite frustration with Oracle's patching process.
- November 10, 2015
Bluebox Security unveiled a troubling study on mobile application threats and also introduced a new product to protect consumer apps on employee-owned devices.
- September 25, 2015
Kaspersky Lab has fixed some of the vulnerabilities in its antivirus products, but a new report from Google Project Zero reveals there's more work to be done.
- May 26, 2015
A newly discovered router vulnerability could leave millions of connected devices open to denial-of-service attacks and remote code execution.