RansomHouse: Bug bounty hunters gone rogue?
A new cybercrime outfit that calls itself RansomHouse is attempting to carve out a niche of the cyber extortion market for itself by …
Bug
High-Severity Bug Reported in Google’s OAuth Client Library for Java
Google last month addressed a high-severity flaw in its OAuth client library for Java that could be abused by a malicious actor with a …
Critical VMware Bug Exploits Continue, as Botnet Operators Jump In
A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent …
Critical Zyxel Firewall Bug Under Active Attack After PoC Exploit Debut
Zyxel firewalls are under active cyberattack after a critical security vulnerability was disclosed last week that could allow …
Nasty Zyxel remote execution bug is being exploited
At the end of last week, Rapid7 disclosed a nasty bug in Zyxel firewalls that could allow for an unauthenticated remote attacker to execute …
Intel Memory Bug Poses Risk for Hundreds of Products
Chipmaker Intel is reporting a memory bug impacting microprocessor firmware used in “hundreds” of products. According to an advisory …
Critical Gems Takeover Bug Reported in RubyGems Package Manager
The maintainers of the RubyGems package manager have addressed a critical security flaw that could have been abused to remove gems and …
Critical Cisco VM-Escape Bug Threatens Host Takeover
The vendor also disclosed two other security vulnerabilities that would allow remote, unauthenticated attackers to inject commands as root …
Critical RCE Bug Reported in dotCMS Content Management Software
A pre-authenticated remote code execution vulnerability has been disclosed in dotCMS, an open-source content management system written in …
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
An unpatched Domain Name System (DNS) bug in a popular standard C library can allow attackers to mount DNS poisoning attacks against …
Unpatched DNS-Poisoning Bug Affects Millions of Devices, Stumps Researchers
The security vulnerability puts wide swaths of industrial networks and IoT devices at risk of compromise, researchers …
NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
A “logical flaw” has been disclosed in NPM, the default package manager for the Node.js JavaScript runtime environment, that enables …
Firms Push for CVE-Like Cloud Bug System
Big gaps exist in the 22-year-old Common Vulnerability and Exposures (CVE) system that do not address dangerous flaws in cloud services …
Bug bounty platform Intigriti raises $23M to empower ethical hackers
Netherlands-based bug bounty and vulnerability disclosure platform Intigriti NV said today it has raised €21.1 million ($23 million) in a …