Apple has awarded a bug bounty hunter $100,000 for finding and reporting a severe security issue that could lead to the takeover of third-party user accounts.
Nearly 1 million WordPress sites are being hit by what is likely a single threat actor attempting to inject a redirect into the sites by exploiting a cross site scripting vulnerability.
Microsoft Teams, the technology giant's professional collaboration tool, included a software bug that could have made it possible for hackers to steal data. Hackers could have used a malicious GIF to scrape user data from Microsoft Teams user accounts, spreading through an organization's entire roster of employees who use the service, researchers from
After an Internet-wide scan, researchers at cybersecurity firm Kryptos Logic discovered roughly 48,000 Windows 10 hosts vulnerable to attacks targeting the pre-auth remote code execution CVE-2020-0796 vulnerability found in Microsoft Server Message Block 3.1.1 (SMBv3).
Citrix has issued its first set of patches fixing a nasty vulnerability that's been hanging over some of its biggest products.
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.
One misstep from developers at Starbucks left exposed an API key that could be used by an attacker to access internal systems and manipulate the list of authorized users.
Two malicious versions of two Python packages were introduced in the Python Package Index (PyPI) with the purpose of stealing SSH and GPG keys from Python developers' projects.