Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.
Tag Archives: zero-day vulnerability
Microsoft releases update for Flash Player, but leaves two disclosed Flaws Unpatched
Microsoft on Tuesday released security update (KB 4010250) to patch flaws in Adobe Flash Player for its customers using Internet Explorer on Windows 8.1 and later, as well as Edge for Windows 10, but two already disclosed flaws remain unpatched.
Just last week, Microsoft announced that its February patches would be delayed until March due to a last minute issue, a move that led to Google
Google Discloses Windows Vulnerability That Microsoft Fails To Patch, Again!
Microsoft is once again facing embarrassment for not patching a vulnerability on time.
Yes, Google’s Project Zero team has once again publicly disclosed a vulnerability (with POC exploit) affecting Microsoft’s Windows operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10 that had yet to be patched.
A few months back, the search engine giant disclosed a critical
Microsoft releases 12 Security Updates; Including 6 Critical Patches
For the last Patch Tuesday for this year, Microsoft has released 12 security bulletins, half of which are rated ‘critical’ as they give attackers remote code execution capabilities on the affected computers.
The security bulletins address vulnerabilities in Microsoft’s Windows, Office, Internet Explorer and Edge.
The first critical security bulletin, MS16-144, patches a total of 8 security
Google Pixel Phone Hacked in 60 Seconds at PwnFest 2016
The brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers just in less than a minute.
Yes, the Google’s latest Pixel smartphone has been hacked by a team white-hat hackers from Qihoo 360, besides at the 2016 PwnFest hacking competition in Seoul.
The Qihoo 360 team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in
Microsoft Says Russian Hackers Using Unpatched Windows Bug Disclosed by Google
Google’s Threat Analysis Group publically disclosed on Monday a critical zero-day vulnerability in most versions of Windows just 10 days after privately disclosed both zero days to Microsoft and Adobe.
While Adobe rushed an emergency patch for its Flash Player software on October 26, Microsoft had yet to release a fix.
Microsoft criticized Google’s move, saying that the public disclosure of
Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable
Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready.
Yes, the critical zero-day is unpatched and is being used by attackers in the wild.
Google made the public disclosure of the vulnerability just 10 days after privately reporting the issue to Microsoft, giving the chocolate factory little time
Microsoft Patches 5 Zero-Day Vulnerabilities Being Exploited in the Wild
Microsoft has released its monthly Patch Tuesday update including a total of 10 security bulletin, and you are required to apply the whole package of patches altogether, whether you like it or not.
That’s because the company is kicking off a controversial new all-or-nothing patch model this month by packaging all security updates into a single payload, removing your ability to pick and choose
Beware! You Can Get Hacked Just by Opening a 'JPEG 2000' Image
Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems.
Discovered by security researchers at Cisco Talos group, the zero-day flaw, assigned as TALOS-2016-0193/CVE-2016-8332, could allow an out-of-bound heap write to occur
Cisco finds new Zero-Day Exploit linked to NSA Hackers
Network equipment vendor Cisco is finally warning its customers of another zero-day vulnerability the company discovered in the trove of NSA’s hacking exploits and implants leaked by the group calling itself “The Shadow Brokers.”
Last month, the Shadow Brokers published firewall exploits, implants, and hacking tools allegedly stolen from the NSA’s Equation Group, which was designed to target