New Internet Explorer zero‑day remains unpatched

You may want to implement a workaround or stop using the browser altogether, at least until Microsoft issues a a fix. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks. The zero-day, which is tracked as CVE-2020-0674, is a … More New Internet Explorer zero‑day remains unpatched

Patch now! Why the BlueKeep vulnerability is a big deal

What you need to know about the critical security hole that could enable the next WannaCryptor. Remember the panic that hit organizations around the world on May 12th, 2017 when machine after machine displayed the WannaCryptor ransom screen? Well, we might have a similar incident on our hands in the coming days, weeks or months … More Patch now! Why the BlueKeep vulnerability is a big deal

‘Highly critical’ bug exposes unpatched Drupal sites to attacks

Worse, attackers have already been spotted targeting the flaw to deliver cryptocurrency miners and other payloads. Days after the team behind Drupal urged website admins to apply an update patching a highly critical vulnerability in the content management system (CMS) platform, threat actors were spotted exploiting the loophole in the wild. The remote code execution … More ‘Highly critical’ bug exposes unpatched Drupal sites to attacks

PoC targeting critical Apache Struts bug found online

The discovery was made barely two days after the release of a patch that fixes the critical flaw in the web application framework. Researchers have discovered freely available proof-of-concept (PoC) code that can be used to exploit a critical security hole in the Apache Struts 2 web application framework shortly after the vulnerability was disclosed … More PoC targeting critical Apache Struts bug found online