zero-Day

Pierluigi Paganini June 19, 2019
Mozilla fixed a Firefox Zero-Day flaw exploited in targeted attacks

Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild. Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild. The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed […]

Pierluigi Paganini June 06, 2019
0patch experts released unofficial patch for recent Windows 10 Task Scheduler Zero-Day

Experts at 0patch released an unofficial patch to address a recently disclosed zero-day vulnerability in Windows 10 Task Scheduler. Security experts at 0patch released an unofficial patch to address a recently disclosed zero-day vulnerability in Windows 10 Task Scheduler. A couple of weeks ago, researcher SandboxEscaper released a working exploit for the vulnerability. Like the […]

Pierluigi Paganini June 04, 2019
macOS zero-day in Mojave could allow Synthetic Clicks attacks

A security expert found a flaw that could be exploited to bypass macOS security and privacy features by using synthetic clicks. The popular white hat hacker Patrick Wardle, co-founder and chief research officer at Digita Security, discovered a vulnerability that could be exploited to bypass security warnings by performing ‘Synthetic Clicks’ on behalf of users without […]

Pierluigi Paganini April 25, 2019
Flaws in Social Warfare plugin actively exploited in the wild

Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the popular WordPress plugin Social Warfare. Social Warfare is a popular WordPress plugin with more than 900,000 downloads; it allows site owners to add social share buttons to a WordPress website. Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the Social Warfare plugin to take […]

Pierluigi Paganini April 24, 2019
Zero-day vulnerability in Oracle WebLogic

Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. This zero-day flaw affects all WebLogic versions, including the latest one, that have the wls9_async_response.war and wls-wsat.war components enabled. Oracle WebLogic Server is a Java EE application […]

Pierluigi Paganini April 16, 2019
CVE-2019-0803 Windows flaw exploited to deliver PowerShell Backdoor

A recently fixed local privilege escalation flaw in Windows (CVE-2019-0803) had been exploited by bad actors to deliver a PowerShell backdoor. April 2019 Patch Tuesday security updates addressed a local privilege escalation flaw in the Windows operating system, tracked as CVE-2019-0859, that had been exploited by threat actors to deliver a PowerShell backdoor. The flaw could allow […]

Pierluigi Paganini April 12, 2019
Zero-day in popular Yuzo Related Posts WordPress Plugin exploited in the wild

According to experts, a vulnerability in the popular WordPress plugin Yuzo Related Posts is exploited by attackers to redirect users to malicious sites. The XSS flaw allows attackers to inject JavaScript into the sites that redirects visitors to websites displaying scams, including tech support scams, and sites promoting unwanted software. The Yuzo Related Posts […]

Pierluigi Paganini April 10, 2019
Microsoft April 2019 Patch Tuesday fixes Windows 0days under attack

Microsoft Patches Windows Privilege Escalation Flaws Exploited in Attacks. Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws. Microsoft has released the April 2019 Patch Tuesday updates that address 74 vulnerabilities, including two Windows zero-days under active attack. April 2019 Patch Tuesday security updates resolve […]

Pierluigi Paganini March 30, 2019
Expert disclosed two Zero-Day flaws in Microsoft browsers

The 20-year-old security researcher James Lee publicly disclosed details and proof-of-concept exploits for two zero-day vulnerabilities in Microsoft web browsers. The expert opted to disclose the flaws after the tech giant allegedly failed to address the zero-day issues he privately reported. The researcher reported the issues to Microsoft ten months ago, but the company did not […]

Pierluigi Paganini March 24, 2019
WordPress Social Warfare plugin zero-day exploited in attacks

A Cross-Site Scripting (XSS) vulnerability in Social Warfare installations (v3.5.1 and v3.5.2) is actively exploited to add malicious redirects. The vulnerability in the WordPress plugin has been fixed with the release of the 3.5.3 version of the plugin. Vulnerable versions of the Social Warfare plugin are currently installed on more than 70,000 websites. The plugin […]