A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.
It’s 2017, and opening a simple MS Word file could compromise your system.
Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office on fully-patched PCs.
The Microsoft Office zero-day attack, uncovered by researchers
While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.
Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.
What could be more exciting for hackers than exploiting a vulnerability in a widely used software without having to struggle too much?
One such easy-to-exploit, but critical vulnerability has been discovered in ESET’s antivirus software that could allow any unauthenticated attackers to remotely execute arbitrary code with root privileges on a Mac system.
The critical security flaw, tracked
A researcher disclosed vulnerabilities in TP-Link C2 and C20i routers that allow for remote code execution and denial-of-service attacks with authentication.
WordPress security experts said that 1.5M sites have been defaced following the disclosure of a silently fixed content injection vulnerability.
It’s not necessary to break into your computer or smartphone to spy on you. Today all devices in our home are becoming more connected to networks than ever to make our lives easy.
But what’s worrisome is that these connected devices can be turned against us, anytime, due to lack of stringent security measures and insecure encryption mechanisms implemented in these Internet of Things (IoTs)
Microsoft has issued its first Patch Tuesday for 2017, and it’s one of the smallest ever monthly patch releases for the company, with only four security updates to address vulnerabilities in its Windows operating system as well as Adobe Flash Player.
Meanwhile, Adobe has also released patches for more than three dozen security vulnerabilities in its Flash Player and Acrobat/Reader
A security researcher recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails that allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application.
Disclosed by Polish security researcher Dawid Golunski of Legal Hackers, the issue (CVE-2016-10033) in PHPMailer used by more than 9