Vulnerabilities & Exploits

There are plans to update the BlueKeep Metasploit exploit after recent investigations revealed that the exploit triggers the blue screen of death in devices. This comes after recent reports of BlueKeep being used to install cryptocurrency miners on vulnerable

Details on the proof-of-concept (PoC) exploit for two unpatched, critical remote code execution (RCE) vulnerabilities in the network configuration management utility rConfig have been recently disclosed.

Patch now: Two Chrome zero-days were reported, one of them actively exploited in a campaign. Meanwhile, BlueKeep was initially reported seen in the wild to install a malicious Monero miner.

Trend Micro’s Zero Day Initiative (ZDI) will bring industrial control system (ICS) hacking into the Pwn2Own competition. The categories will be based on how widely used the system is and the relevance to researchers and the ICS community.

Administrators of NGINX web servers running PHP-FPM are advised to patch a vulnerability (CVE-2019-11043) that can let threat actors execute remote code on vulnerable, NGINX-enabled web servers. Here’s what you need to know.

Researchers recently demonstrated how security issues in Amazon Alexa Google Home devices can be abused to phish and eavesdrop on their owners. Here's what you need to know.

In 2017, EternalBlue was the driving force behind one of the nastiest ransomware outbreaks on record. And despite available fixes, it is still being used by malware today—from ransomware to widespread cryptocurrency miners.

The extent with which 5G networks use software is one of the top security issues for mobile networks as well as devices and current technologies (for example, 3G, 4G) that use or incorporate it, according to an EU report supported by the European Commission

A zero-day vulnerability found in Apple iTunes and iCloud was exploited by cybercriminals to infect Windows computers of an automotive company with the BitPaymer ransomware.