Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on ...

A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, ...

Although the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft ...

The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.

U.S. CERT issued a brief warning on its Web site Monday stating that the organization was "aware of active exploitation using malicious Microsoft Access databases." The U.S. CERT is the operational ...

In this Null Byte, I'm going to teach you about Null Byte Injections. Null Bytes are an older exploit. It works by injecting a "Null Character" into a URL to alter string termination and get ...

The exploit uses an insecure behavior of Windows Defender and a file API to secure system rights. It is still unpatched.

Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific ...

It has been a very long time since the average computer user thought about .cue files, or cue sheets, the metadata bits that describe the tracks of an optical disc, like a CD or DVD. But cue sheets ...

State-sponsored APTs from North Korea, Iran, Russia, and China are targeting victims using a Windows shortcut file exploit, according to new research from Trend Micro’s Zero Day Initiative (ZDI). In ...

Akamai Technologies Inc. researcher Ben Barnea has found two vulnerabilities in Windows Outlook clients that could cause remote code execution by attackers sending specially crafted sound file ...