A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

As part of Patch Tuesday, Microsoft has issued fixed for 88 vulnerabilities in its products, 21 of which were critical security flaws. Patches were also released for the following 4 zero-days that have been released by Windows exploit developer SandboxEscaper since May. CVE-2019-1069 – A local privilege escalation (LPE) flaw

Once again, Windows exploit developer SandboxEscaper has released a new zero-day exploit without disclosing the issue to Microsoft first. Last month, SandboxEscaper released five Windows exploits in a week. One of those exploits was a bypass for a patch that fixed a local privilege-escalation (LPE) flaw tracked as CVE-2019-0841. The

On Thursday, Windows exploit developer “SandboxEscaper” once again released new zero-day exploits on her GitHub account. SandboxEscaper already released a zero-day on Tuesday and then two more exploits Wednesday, although it turns out one of the latter had already been patched by Microsoft. One of the new flaws is a

Just one day after notorious Windows exploit developer “SandboxEscaper” released a Windows zero-day exploit, she posted two additional zero-days on her GitHub account. One is a sandbox escape impacting Internet Explorer 11 and the other is a local privilege escalation flaw affecting Windows Error Reporting. The latter is very difficult

A notorious Windows exploit developer known by the moniker SandboxEscaper has released a new exploit that allows users with limited privileges to obtain complete control over files that can otherwise only be altered by admin accounts and system processes. The zero-day flaw affects the Task Scheduler utility and is relatively

As part of this month’s patch Tuesday, Microsoft and Adobe have issued a total of 117 fixes for security flaws. Microsoft released patches for 74 vulnerabilities, 15 of which are critical flaws. Two of the Windows vulnerabilities are zero-days that have been actively exploited in the wild. The flaws, classified

Threat actors have been exploiting a recently patched security flaw in Google Chrome by combining the flaw with a vulnerability affecting Windows 7 machines. The combination of vulnerabilities is critical, as it can enable hackers to take over targeted computers. While Windows is working to find a fix for the