Security News

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

SAP patched a critical vulnerability in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise, without authentication.

Researchers at Check Point found and remediated malware on 38 Android devices that were infected somewhere along the supply chain.

Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card information.

Google has re-issued its over-the-air Android security update after Nexus 6 users reported that the patches broke the SafetyNet API and features such as Android Pay no longer worked.

Double Robotics telepresence robots were patched against vulnerabilities that leaked device data and session keys and tokens.

Mike Mimoso talks to Cody Pierce, director of vulnerability research and prevention with Endgame, at RSA Conference 2017 about how attackers are changing their techniques in the face of mitigations.

Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update.

While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.

Mike Mimoso and Chris Brook discuss the news of the week including a rash of new IP camera backdoors, James Comey's talk at Boston College, hacking back vs. active defense, and the DOJ dropping...