27 Sep 2019

Year-over-year malware volume increased by 64%

Malware volume rose by 64% between the second quarter of 2018 and the same period this year, but dropped by 5% in the latter period compared to Q1 of this year, a new WatchGuard report[pdf] shows. 38% of all malware detections involved previously undiscovered, zero-day malware. Malware attacks are becoming

Read More
26 Sep 2019

vBulletin Zero-Day Exploited for Years, Gets Unofficial Patch

Threat actors have been exploiting a zero-day remote code execution vulnerability in order to attack web forums running vBulletin for years. The flaw came to light when a researcher published the zero-day on a vBulletin security mailing list. The bug can enable attackers to infect web forums with malware, alter

Read More
22 Aug 2019

Researcher Discloses Second Steam Zero-Day After Valve Bug Bounty Ban

The security researcher who recently disclosed a zero-day privilege escalation flaw in Steam because the developer had dismissed the issue, has now released a second flaw of the same type in the highly popular video game distribution platform by Valve. After the researcher publicly disclosed the first flaw, Valve banned

Read More
09 Aug 2019

Hackers Can Break Into an iPhone Just by Sending a Text

iPhone users could have their device compromised by attackers just by receiving a malicious iMessage, research by Google Project Zero shows. The attack is possible because Apple’s iOS iMessage client contains what the researchers refer to as “interaction-less” vulnerabilities that can be exploited without any involvement of the user. According

Read More
09 Aug 2019

Steam Zero-Day Vulnerability Affects Over 100 Million Users

Security researchers have discovered a zero-day privilege escalation flaw in Steam, a highly popular video game distribution platform by Valve. While the vulnerability could pose a serious risk to the more than 100 million Steam users, Valve dismissed the issue when it was disclosed to the firm. The researcher who

Read More
10 Jul 2019

Zoom Zero-Day Bug Opens Mac Users to Webcam Hijacking

A security researcher has uncovered a critical flaw in Zoom video-conferencing software for macOS that puts up to 4 million users at risk. The zero-day flaw, tracked as CVE-2019–13450, can enable threat actors to hijack the webcam of users running the vulnerable software. In order to exploit the vulnerability, an attacker

Read More
18 Jun 2019

Disgruntled security firm discloses zero-days in Facebook’s WordPress plugins

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

Read More
12 Jun 2019

Microsoft’s June 2019 Patch Tuesday fixes many of SandboxEscaper’s zero-days

As part of Patch Tuesday, Microsoft has issued fixed for 88 vulnerabilities in its products, 21 of which were critical security flaws. Patches were also released for the following 4 zero-days that have been released by Windows exploit developer SandboxEscaper since May. CVE-2019-1069 – A local privilege escalation (LPE) flaw

Read More
10 Jun 2019

SandboxEscaper Debuts ByeBear Windows Patch Bypass

Once again, Windows exploit developer SandboxEscaper has released a new zero-day exploit without disclosing the issue to Microsoft first. Last month, SandboxEscaper released five Windows exploits in a week. One of those exploits was a bypass for a patch that fixed a local privilege-escalation (LPE) flaw tracked as CVE-2019-0841. The

Read More
24 May 2019

Researcher publishes Windows zero-days for the third day in a row

On Thursday, Windows exploit developer “SandboxEscaper” once again released new zero-day exploits on her GitHub account. SandboxEscaper already released a zero-day on Tuesday and then two more exploits Wednesday, although it turns out one of the latter had already been patched by Microsoft. One of the new flaws is a

Read More