Vulnerabilities & Exploits

Oracle published an out-of-band security alert advisory on CVE-2019-2729, a zero-day deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services.

A Netflix researcher uncovered four critical vulnerabilities — CVE-2019-11477, CVE-2019-11478, CVE-2019-5599, and CVE-2019-11479 — within the TCP implementations on Linux and FreeBSD kernels.

Two hacking groups have been spotted attacking vulnerable Exim email servers, trying to exploit CVE-2019-10149. One group uses a public internet server, and another a server on the dark web.

A security researcher, going by the handle SandboxEscaper, published an exploit code for a zero-day vulnerability in Windows' Task Scheduler utility. Here's what you need to know.

Almost a million systems are reportedly vulnerable to BlueKeep (CVE-2019-0708), a critical vulnerability in remote desktop services. Here are some best practices that can help defend against threats that may exploit it.

Researchers reported new side-channel attacks — ZombieLoad, Fallout, and Rogue In-Flight Data Load (RIDL) — that can leak data being processed by vulnerable Intel processors. Here's what you need to know.

Threat actors were found exploiting CVE-2018-1000861, a vulnerability in the Stapler web framework that is used by the Apache Jenkins open-source software development automation server with versions 2.153 and earlier.

Attackers can exploit a vulnerability in Apache HTTP server to gain elevated privileges and complete control of a target machine.

Trend Micro researchers uncovered a new variant of the notorious Mirai malware that uses multiple exploits to target various routers and internet-of-things devices.