Tag Archives: Web Application Security

New Apache Struts Zero-Day Vulnerability Being Exploited in the Wild

Security researchers have discovered a Zero-Day vulnerability in the popular Apache Struts web application framework, which is being actively exploited in the wild.

Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for creating elegant, modern Java web applications, which supports REST, AJAX, and JSON.

In a blog post published Monday, Cisco’s Threat intelligence

Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack

Has Yahoo rebuilt your trust again?

If yes, then you need to think once again, as the company is warning its users of another hack.

Last year, Yahoo admitted two of the largest data breaches on record. One of them, which took place in 2013, disclosed personal details associated with more than 1 Billion Yahoo user accounts.

Well, it’s happened yet again.
Yahoo sent out another

FBI Hacked, Again! Hacker Leaks Data After Agency Failed to Patch Its Site

It seems like the FBI has been hacked, once again!

A hacker, using the Twitter handle CyberZeist, has claimed to have hacked the FBI’s website (fbi.gov) and publicly leaked personal account information of several FBI agents.

CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability in its website’s code before making the data public.

The hacker

Someone Hijacking Unsecured MongoDB Databases for Ransom

Nearly two years ago, we warned users about publicly accessible MongoDB instances – almost 600 Terabytes (TB) – on the Internet that require no authentication, potentially leaving websites and servers at risk of hacking.

These MongoDB instances weren’t exposed due to any flaw in the software, but due to a misconfiguration (bad security practice) that let any remote attacker access MongoDB

3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!

Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language.

The critical vulnerabilities reside in the unserialize mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to

Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System

Hey Webmasters, are you using Memcached to boost the performance of your website?

Beware! It might be vulnerable to remote hackers.

Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose major websites, including Facebook, Twitter, YouTube, and Reddit, to hackers.

Memcached is a fabulous