Zero-day in popular jQuery plugin actively exploited for at least three years
A fix is out but the plugin is used in hundreds, if not thousands, of projects. Patching will take ages!
Latest Posts
Flaws in telepresence robots allow hackers access to pictures, video feeds
Vendor has patched two of five reported bugs. Three patches are in the works.
Open source web hosting software compromised with DDoS malware
Some VestaCP servers were infected with a new malware strain named Linux/ChachaDDOS.
GitHub security alerts now support Java and .NET projects
GitHub also launches Token Scanning tool and new Security Advisory API.
Oceansalt cyberattack wave linked to defunct Chinese APT Comment Crew
The source code of malware from the ancient Chinese military-affiliated group appears to have changed hands.
MIT invention builds memory walls to protect against Meltdown, Spectre attacks
The new system could potentially prevent similar memory-based attacks from risking our PCs and global services.
Equifax engineer who designed breach portal gets 8 months of house arrest for insider trading
SEC said engineer figured out on his own that the website he was building was for the company's security breach.
Tumblr discloses vulnerability but says 'no evidence that this bug was abused'
Bug hunter finds security flaw in Tumblr's "Recommended Blogs" widget.
Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months
"RID Hijacking" technique lets hackers assign admin rights to guest and other low-level accounts.
Rapid7 acquires web app security developer tCell
The deal is designed to boost Rapid7's Insight platform.
Creator of remote access tool LuminosityLink sent behind bars
The RAT software was a popular choice for cyberattackers.
Security flaw in libssh leaves thousands of servers at risk of hijacking
Vulnerability not as bad as it gets, as most servers use the openssh library to support server-side SSH logins.
Oracle patches 301 vulnerabilities, including 46 with a 9.8+ severity rating
This wasn't Oracle's biggest patch ever. That title goes to the July 2018 CPU.
Chrome 70 released with revamped Google account login system
Chrome 70 also comes with support for the final version of the TLS 1.3 standard and the AV1 video format.
Zero-days, fileless attacks are now the most dangerous threats to the enterprise
These attacks cost the average organization millions and SMBs are the worst affected.
Top Stories
-
![US voter records from 19 states sold on hacking forum]()
Security
-
![Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months]()
Security
Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months
-
![Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks]()
Security
Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks
-
![Security flaw in libssh leaves thousands of servers at risk of hijacking]()
Security
Security flaw in libssh leaves thousands of servers at risk of hijacking
-
![Chrome, Edge, IE, Firefox, and Safari to disable TLS 1.0 and TLS 1.1 in 2020]()
Security
Chrome, Edge, IE, Firefox, and Safari to disable TLS 1.0 and TLS 1.1 in 2020
