Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Spring Framework is a popular, lightweight and an open source framework for developing Java-based enterprise […]

Intel a publié une nouvelle version de sa feuille de route de mise à jour de microcodes depuis peu. Le fondeur annonce l’abandon du développement des mises à jour de microcodes pour certains processeurs ; la publication des correctifs pour le reste de sa flotte se poursuit néanmoins. En substance, plusieurs […]

At our recent Pwn2Own 2018 competition, Richard Zhu (fluorescence) targeted and successfully exploited Mozilla Firefox with only one bug. After handing over the bug to Mozilla at the contest, they have promptly coordinated an update in less than 24 hours. The response was certainly impressive, but I wanted to take a closer […]

A security vulnerability that is nearly 5 years old has now become the favorite tool of hackers as they are using it to infect Linux servers with crypto mining malware. The vulnerability that is being exploited in this cryptojacking campaign is classified as CVE-2013-2618. The miner is an altered XMRig tool, which is […]

After Delta Air Lines and Sears Holdings, Best Buy has also come forward to warn customers that their payment card information may have been compromised as a result of a breach suffered by online services provider [24]7.ai. Similar to Delta and Sears, Best Buy contracted [24]7.ai for online chat/support services. The retailer […]

Cisco PSIRT has published a new security advisory for abuse of the Smart Install protocol, the IT giant has identified hundreds of thousands of exposed devices online. Cisco is advising organizations that hackers could target its switches via the Smart Install protocol. The IT giant has identified hundreds of thousands of exposed […]