Security News

The latest version of Apache Struts 2 addresses several vulnerabilities, including a critical remote code execution flaw for which an exploit was created within hours after the release of a patch....

Proof-of-concept (PoC) code has been released for recently patched iOS vulnerabilities that can be chained to take full control of a mobile device. The flaws could also be useful for a jailbreak,...

Zero-Day Exploit Vendor Zerodium Seeks Exploits for Signal, WhatsApp, TelegramThere's another option for governments trying to overcome the end-to-end encryption barrier: buy a zero-day software...

Zerodium has made some changes to its exploit acquisition program and the company is now offering up to $500,000 for remote code execution and privilege escalation vulnerabilities affecting...

How much does your privacy cost? It will soon be sold for half a Million US dollars. A controversial company specialises in acquiring and reselling zero-day exploits is ready to pay up to...

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they've been sent.

Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to...

Researchers say the Neptune, or Terror exploit kit has been spreading Monero cryptocurrency miners via malvertisements.

Cybercriminals have been using the Neptune exploit kit to deliver cryptocurrency miners via malvertising campaigns, FireEye reported on Tuesday. read more

The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion...