Security News

Unpatched WordPress Password Reset Vulnerability Lingers (Threatpost)
2017-05-04 16:46

A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user's password and in turn, gain access to their account.

Researcher: ‘Baseless Assumptions’ Exist About Intel AMT Vulnerability (Threatpost)
2017-05-03 19:39

Embedi, which is behind the Intel AMT vulnerability revealed Monday, seeks to clarify "baseless assumptions" being made about the flaw.

Intel Warns of Critical Vulnerability in Processor Firmware (SecurityWeek)
2017-05-02 13:48

Intel Patches Nine-Year-Old Critical CPU Vulnerability (Threatpost)
2017-05-02 13:04

Intel warns business PC customers of a critical vulnerability found in its Active Management Technology that allows for escalation of privilege attacks.

Intel AMT vulnerability hits business chips from 2008 onwards (ZDNet)
2017-05-02 05:33

Flickr Vulnerability Worth $7K Bounty to Researcher (Threatpost)
2017-05-01 16:08

Yahoo has patched an account takeover vulnerability on its Flickr image-hosting service that earned an independent security researcher a $7,000 bounty.

No Fix for SquirrelMail Remote Code Execution Vulnerability (Threatpost)
2017-04-24 17:52

SquirrelMail suffers from a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the remote system.

Google Fixes Unicode Phishing Vulnerability in Chrome 58, Firefox Standing Pat (Threatpost)
2017-04-20 18:32

Google fixed a vulnerability that could've let an attacker carry out phishing attacks with Unicode domains in Chrome but Mozilla is holding off - for now.

Drupal Closes Access Bypass Vulnerability in Core Engine (Threatpost)
2017-04-20 13:57

Drupal released a point update for its core engine to patch a critical access bypass vulnerability.

Oracle drops massive 299 vulnerability patch, fixes Shadow Broker exploit (ZDNet)
2017-04-19 10:18