While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.
Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.
A unique attack called DNSMessenger uses DNS queries to carry out malicious PowerShell commands on compromised computers.
Researchers uncovered a global malvertising campaign exposing potentially millions of users to the risk of being hit with CrypMIC ransomware delivered via the Neutrino Exploit Kit.
Researchers found a vulnerability in the classic compression standard Lhasa, once a mainstay for game developers in the mid-90s and still in use today.
Apple patched an OS X vulnerability in a kernel driver that could give attackers root-level privileges on a Mac computer, researchers at Cisco Talos said.
Cisco has demonstrated an attack against Stack Smashing Protection in Linux systems that is facilitated by a critical vulnerability in MiniUPnP.
Researchers at Cisco spotted targeted attacks moving remote access Trojans via the AutoIt administration and scripting tool.
Spam messages spoofing Microsoft and promising a free Windows 10 upgrade instead drop the CTB-Locker crypto-ransomware on compromised machines.
Researchers at Cisco Talos released details on a use-after-free vulnerability in Apple QuickTime that could lead to remote code execution.