Pierluigi Paganini
August 06, 2019
A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […]
Pierluigi Paganini
July 12, 2019
The CVE-2019-1132 flaw addressed by Microsoft this month was exploited by Buhtrap threat actor to target a government organization in Eastern Europe. Microsoft Patch Tuesday updates for July 2019 address a total of 77 vulnerabilities, including two privilege escalation flaws actively exploited in the wild. The first vulnerability, tracked as CVE-2019-1132, affects the Win32k component and could be […]
Pierluigi Paganini
June 19, 2019
Mozilla released security updates for Firefox that addressed a critical zero-day vulnerability exploited in targeted attacks in the wild. Mozilla released security updates for its Firefox web browser that address a critical vulnerability that has been actively exploited in the wild. The zero-day vulnerability, tracked as CVE-2019-11707, is a type confusion flaw in Array.pop. Mozilla has addressed […]
Pierluigi Paganini
June 06, 2019
Experts at 0patch released an unofficial patch to address a recently disclosed zero-day vulnerability in Windows 10 Task Scheduler. Security experts at 0patch released an unofficial patch to address a recently disclosed zero-day vulnerability in Windows 10 Task Scheduler. A couple of weeks ago, researcher SandboxEscaper released a working exploit for the vulnerability, Like the […]
Pierluigi Paganini
June 04, 2019
A security expert found a flaw could be exploited to bypass macOS security and privacy features by using synthetic clicks. The popular white hat hacker Patrick Wardle, co-founder and chief research officer at Digita Security, discovered a vulnerability that could be exploited to bypass security warnings by performing ‘Synthetic Clicks’ on behalf of users without […]
Pierluigi Paganini
April 25, 2019
Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the popular WordPress plugin Social Warfare. Social Warfare is a popular ùWordPress plugin with more than 900,000 downloads, it allows to add social share buttons to a WordPress website. Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the Social Warfare plugin to take […]
Pierluigi Paganini
April 24, 2019
Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. This zero-day flaw affects all Weblogic versions, including the latest one, that have the wls9_async_response.war and wls-wsat.war components enabled. Oracle WebLogic Server is a Java EE application […]
Pierluigi Paganini
April 16, 2019
A recently fixed local privilege escalation flaw in windows (CVE-2019-0803) had been exploited by bad actors to deliver PowerShell Backdoor. April 2019 Patch Tuesday security updates addressed a local privilege escalation flaw in Windows operating system, tracked as CVE-2019-0859 that had been exploited by threat actors to deliver a PowerShell backdoor. The flaw could allow […]
Pierluigi Paganini
April 12, 2019
According to experts a vulnerability in the popular WordPress plugin Yuzo Related Posts is exploited by attackers to redirect users to malicious sites. The XSS flaw allows attackers to inject a JavaScript into the sites that redirect visitors to websites displaying scams, including tech support scams, and sites promoting unwanted software. The Yuzo Related Posts […]
Pierluigi Paganini
April 10, 2019
Microsoft Patches Windows Privilege Escalation Flaws Exploited in Attacks Microsoft has released its April 2019 Patch Tuesday updates that address over 70 vulnerabilities, including two Windows zero-day flaws. Microsoft has released the April 2019 Patch Tuesday updates that address 74 vulnerabilities, including two Windows zero-days under active attack. April 2019 Patch Tuesday security updates resolve […]
