Collaborate Disseminate
Microsoft today issued an out-of-band security update to patch a critical zero-day vulnerability in Internet Explorer (IE) Web browser that attackers are already exploiting in the wild to hack into Windows computers.
Discovered by security researcher … Continue reading Microsoft Issues Emergency Patch For Under-Attack IE Zero Day
Security researchers have uncovered an APT group with possible ties to North Korea that has targeted academic institutions since May. The group, dubbed Stolen Pencil by researchers from Netscout, send spear-phishing emails which direct users to a webs… Continue reading North Korean APT Group Targets Academia via Malicious Chrome Extensions
An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox—a popular open source virtualization software developed by Oracle—that could allow a malicious program to escape virtual machine… Continue reading Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online
A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability.
Sandb… Continue reading Hacker Discloses New Windows Zero-Day Exploit On Twitter
The patch released by Microsoft last week for a zero-day flaw in the JET database engine is incomplete and does not fully address the issue, according to a vulnerability research firm. The flaw, tracked as CVE-2018-8423, was disclosed Sept. 20 through… Continue reading Microsoft’s JET Vulnerability Patch Incomplete, Researchers Say
A known vulnerability in MikroTik routers is potentially far more dangerous than previously thought.
A cybersecurity researcher from Tenable Research has released a new proof-of-concept (PoC) RCE attack for an old directory traversal vulnerability tha… Continue reading New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access
Trend Micro’s Zero Day Initiative (ZDI) team has publicly disclosed a serious remote code execution vulnerability in the Microsoft JET Database engine which is used by several Microsoft products. ZDI decided to disclose the flaw even though ther… Continue reading Zero-Day RCE Flaw Found in Microsoft JET Database Engine
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-da… Continue reading Researcher Discloses New Zero-Day Affecting All Versions of Windows
Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to th… Continue reading Tor Browser Zero-Day Exploit Revealed Online – Patch Now
Users of the Mega.nz file hosting and sharing service were targeted through a supply chain attack in which hackers replaced the company’s official Chrome extension with a malicious version. The attack happened Sept. 4 at 14:30 UTC (10:30 a.m. ES… Continue reading Hackers Replace MEGA Chrome Extension with Trojanized Version