Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned. [...]
A pair of unpatched security vulnerabilities can allow unauthenticated cyberattackers to turn off window, door and motion-sensor monitoring. [...]
Services that let consumers resell their bandwidth for money are ripe for abuse, researchers warn. [...]
The popular Dynamic Pricing and Discounts plugin from Envato can be exploited by unauthenticated attackers. [...]
The NAS maker issued two security advisories about the RCE and DoS flaws, adding to a flurry of advisories from the vast array of companies whose products use OpenSSL. [...]
Jason Kent, hacker-in-residence at Cequence, talks about how cybercriminals target apps and how to thwart them. [...]
Researchers from Sophos discovered the emerging threat in July, which exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems. [...]
HPE joins Apple in warning customers of a high-severity Sudo vulnerability. [...]
The bug (CVE-2021-33766) is an information-disclosure issue that could reveal victims' personal information, sensitive company data and more. [...]
Firm offers guidance on how to mitigate a five-month-old privilege escalation bug impacting Parallels Desktop 16 for Mac and all previous versions. [...]
Kerry Matre, Mandiant senior director, clears up misconceptions about the value to business for enterprise cyber-defense. Hint: It's not achieving visibility. [...]
It's unclear if Microsoft customers were breached during the months-long period where the #ChaosDB bug in Jupyter Notebooks was exploitable. [...]
Splunk’s Ryan Kovar discusses the rise in supply-chain attacks a la Kaseya & how to get ahead of encryption leaving your business a pile of broken shells. [...]
The worst of 13 bugs fixed by the August updates could lead to complete system compromise for users in sensitive sectors running products in Appliance mode. [...]
versions of the software are affected by a spate of bugs under active exploitation. [...]
If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this is a local privilege escalation (LPE) vulnerability, which …
Networking giant issues two critical patches and six high-severity patches. [...]
Then again, you don’t even need the actual device – in this case, a SteelSeries peripheral – since emulation works just fine to launch with full SYSTEM rights. [...]
Cybersecurity watchdog Citizen Lab saw the new zero-day FORCEDENTRY exploit successfully deployed against iOS versions 14.4 & 14.6, blowing past Apple's new BlastDoor sandboxing feature to install spyware on the iPhones of Bahraini activists – even one living in London at the time. [...]
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. [...]
So much for Windows 10's security: A zero-day in the device installer software grants admin rights just by plugging in a mouse or other compatible device. UPDATE: Microsoft is investigating. [...]
Multiple vulnerabilities in software used by 65 vendors under active attack. [...]
Systems are ripe for abuse by attackers, who can use them to launch DDoS attacks. [...]
Oliver Tavakoli, CTO at Vectra, lays out the different layers of ransomware defense all companies should implement. [...]
The issue affects a range of Cisco Wireless-N and Wireless-AC VPN routers that have reached end-of-life. [...]