Malware volume rose by 64% between the second quarter of 2018 and the same period this year, but dropped by 5% in the latter period compared to Q1 of this year, a new WatchGuard report[pdf] shows. 38% of all malware detections involved previously undiscovered, zero-day malware. Malware attacks are becoming

Threat actors have been exploiting a zero-day remote code execution vulnerability in order to attack web forums running vBulletin for years. The flaw came to light when a researcher published the zero-day on a vBulletin security mailing list. The bug can enable attackers to infect web forums with malware, alter

The security researcher who recently disclosed a zero-day privilege escalation flaw in Steam because the developer had dismissed the issue, has now released a second flaw of the same type in the highly popular video game distribution platform by Valve. After the researcher publicly disclosed the first flaw, Valve banned

iPhone users could have their device compromised by attackers just by receiving a malicious iMessage, research by Google Project Zero shows. The attack is possible because Apple’s iOS iMessage client contains what the researchers refer to as “interaction-less” vulnerabilities that can be exploited without any involvement of the user. According

Security researchers have discovered a zero-day privilege escalation flaw in Steam, a highly popular video game distribution platform by Valve. While the vulnerability could pose a serious risk to the more than 100 million Steam users, Valve dismissed the issue when it was disclosed to the firm. The researcher who

A security researcher has uncovered a critical flaw in Zoom video-conferencing software for macOS that puts up to 4 million users at risk. The zero-day flaw, tracked as CVE-2019–13450, can enable threat actors to hijack the webcam of users running the vulnerable software. In order to exploit the vulnerability, an attacker

A security firm holding a grudge against WordPress recently released proof-of-concept (PoC) code for two zero-days affecting two official Facebook plugins for WordPress. The impacted plugins are “Messenger Customer Chat” (20,000 installations) and “Facebook for WooCommerce” (200,000 installations). The flaws are tricky to exploit, but can enable threat actors to

As part of Patch Tuesday, Microsoft has issued fixed for 88 vulnerabilities in its products, 21 of which were critical security flaws. Patches were also released for the following 4 zero-days that have been released by Windows exploit developer SandboxEscaper since May. CVE-2019-1069 – A local privilege escalation (LPE) flaw

Once again, Windows exploit developer SandboxEscaper has released a new zero-day exploit without disclosing the issue to Microsoft first. Last month, SandboxEscaper released five Windows exploits in a week. One of those exploits was a bypass for a patch that fixed a local privilege-escalation (LPE) flaw tracked as CVE-2019-0841. The

On Thursday, Windows exploit developer “SandboxEscaper” once again released new zero-day exploits on her GitHub account. SandboxEscaper already released a zero-day on Tuesday and then two more exploits Wednesday, although it turns out one of the latter had already been patched by Microsoft. One of the new flaws is a