Security News

One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack in the...

Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk....

Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a...

Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw,...

A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. [...]

Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information...

Read more about DNS hijacking and how organizations can prevent it.

With 14 serious security flaws found, what a gift for spies and crooks Fourteen bugs in DrayTek routers — including one critical remote-code-execution flaw that received a perfect 10 out of 10...

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as: 147,000 token replay attacks were detected by Microsoft in 2023, a 111%...

No patches yet, can be mitigated, requires user interaction Final update After days of anticipation, what was billed as one or more critical unauthenticated remote-code execution vulnerabilities...