In an unnerving twist, when a critical zero-day vulnerability was reported in a Unix administration tool called Webmin, it was revealed that the flaw was no accident. According to researchers, the vulnerability was a secret backdoor planted in the popular utility nearly a year before its discovery.
Researchers are warning of an ongoing campaign exploiting vulnerabilities in a slew of WordPress plugins. The campaign is redirecting traffic from victims' websites to a number of potentially harmful locations.
It looks like an Apple Lightning cable. It works like an Apple Lightning cable. But it will give an attacker a way to remotely tap into your computer.
This is the nightmare scenario for system administrators around the world: Several severe security flaws affecting all Windows versions since Windows XP have just been made public today, and Microsoft has only just released the appropriate security update, which took 90 days (the common disclosure window before vulnerabilities are made public) to develop.
Security researchers attending the annual Black Hat hacker convention in Las Vegas have managed to bypass the iPhone FaceID user authentication in just 120 seconds. The way they did it may well surprise you, but should it worry you as well?
Several serious privacy flaws in a kid's tablet, which could allow a bad actor to track or send messages to children, were disclosed this year at Black Hat.
At a session here at DEF CON on Saturday, Eclypsium's principal researcher Mickey Shkatov was joined by researcher Jesse Michael, and both shed light on research showing that the problem of insecure drivers is widespread, affecting more than 40 drivers from at least 20 different vendors, all of the drivers being certified by Microsoft.
Today, researchers from the enterprise security firm Armis are detailing just such a group of vulnerabilities in a popular operating system that runs on more than 2 billion devices worldwide. But unlike Windows, iOS, or Android, this OS is one you've likely never heard of. It's called VxWorks.
Two members of Project Zero, Google's elite bug-hunting team, have published details and demo proof-of-concept code for five of six "interactionless" security bugs that impact the iOS operating system and can be exploited via the iMessage client.
Industrial control software vulnerabilities, which would be perfect for next-gen Stuxnet-style worms to exploit, are as prevalent as ever, apparently.