Subscribe to this page now.

Older WordPress sites affected by critical cross-site scripting bug

11/24, 2:14pm

Bug can be used to launch malicious JavaScript code from unauthenticated comments

Versions of WordPress from 3.0 up to 3.9.2 were discovered to contain a security vulnerability through the comment features on the site, making a large number of installs and servers vulnerable to attack. The bug was discovered by Jouko Pynnonen of the Finnish IT company Klikki Oy, indicating that the bug went unchecked for more than four years since it was introduced with version 3.0 in June 2010.


Report: Eight high-profile sites hit by browser exploits last week

08/27, 11:45pm

Security firms says malvertising hit sites such as Java, DeviantArt and Photobucket

A "malvertising" campaign made the rounds last week hitting at least eight high-profile websites according to security firm Fox-IT. The firma noticed that the sites were redirecting their visits to other places, allowing it to discover that sites were using vulnerabilities in software like Java and Flash to inject malicious programs. The purpose of the "malvertising" was to infect machines with botnet malware involved in boosting advertisement clicks.


Sony removes another PSN title over PS Vita exploit

04/23, 3:25pm

Sony pulls PSP game to stop more PS Vita hacks

Sony has removed Super Collapse 3 from the Playstation Store after the title was found to be vulnerable to a PS Vita exploit. The company removed the game from the store 24 hours after the exploit was noted on the blog, weeks after the same vulnerability was discovered in Motorstorm and Everybody's Tennis.


Skype for Android exploit allows grabbing of personal info

04/15, 6:20am

Skype for Android contains serious vulnerability

Users of Skype for Android have been left vulnerable to a code exploit that allows a hacker to access a user's personal information. The proof of concept exploit uncovered by Android Police would allow a hacker to deploy a rogue app in the Android Market that, once downloaded, would allow access to a Skype userís full name, date of birth, city/state/country, home phone, office phone, cell phone, email addresses, bio and other details. The vulnerability appears to be the result of left over files that contain improper permissions, which allows anyone or any app to read them.


iPad 2 already jailbroken

03/14, 5:40am

@Comex strikes again with new exploit

Renowned iOS hacker @Comex has posted photographic proof that he has already jailbroken the just-launched Apple iPad 2. According to @Comexís Twitter feed, previously used iOS exploits were locked down and he had to use a new exploit to get around the new measures. The details of the hack have not yet been made public, although he is already working towards releasing the hack for the public.


New Mac OS X Trojan horse identified

06/20, 8:40am

Mac OS X Trojan found

Multiple variants of a new 'Trojan Horse', designed to allow a malicious user complete remote access to a Mac OS X system have been discovered in the wild earlier this week according to makers of Mac anti-spyware and anti-virus solutions SecureMac. Dubbed 'Applescript.THT Trojan' and disguised as an application bundle called 'AStht_v06' (3.1MB in size), the malware seemingly originated, and is distributed via a 'hacker' website, as well as Limewire and iChat. Post system infiltration, the malicious script can reportedly "log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing". A 'copy cat' program based on the OS X Remote Management exploit was discovered earlier this week.


Anti-hacker features added to QuickTime

04/08, 2:15pm

QuickTime security

Apple's recent QuickTime 7.4.5 release includes exploit prevention mechanisms designed to block attacks from hackers, according to a recent report from eWeek. QuickTime for Windows Vista now features ASLR (address space layout randomization), technology that randomly arranges key data addresses to prevent developers of malware from predicting targets. ASLR is already used by Mac OS X Leopard to reduce the effectiveness of exploit attempts.


Code crashes Safari in iPhone 1.1.4, fixed for Mac/PC

03/19, 12:30am

Code crashes iPhone 1.1.4

A new exploit has surfaced for the iPhone's Safari browser that, while drawing parallels to an earlier issue, requires no user input to function. According to iPhone World, the vulnerability is triggered by previously conceived code that has been refined in the above manner. The issue affects firmware version 1.1.4 iPhones, and presumably previous versions. Safari on the Mac and PC were also affected by this vulnerability, but it was recently fixed in Safari 3.1, released today.


Hacker unlocks iPhone 1.1.2 via new exploit

02/08, 12:10pm

New iPhone 1.1.2 unlock

An iPhone hacker has discovered a new way to unlock Apple's iPhone firmware version 1.1.2 without the need to downgrade to a prior firmware revision and then re-upgrade after unlocking the device. The unlock technique relies on a bug that allows hackers to erase the contents of memory within a range of specific addresses, coupled with a second bug that allows users to copy data before validation occurs.


iPhone denial-of-service bug surfaces

02/07, 11:25am

iPhone DoS surfaces

An exploit for Apple's iPhone has surfaced that can crash the device when unsuspecting users visit a maliciously crafted Web page. SecurityFocus notes that successful attacks cause a kernel panic, crashing the iPhone which could ultimately lead to remote code execution. The firm states that iPhone firmware version 1.1.2 and 1.1.3 are both affected, and suggest that other versions may also be vulnerable.


QuickTime exploit circulates on Web

11/30, 1:20am

QuickTime 7.2 exploit

Symantec has notified DeepSight customers that a bug in QuickTime's Real Time Streaming protocol can lead towards the execution of malicious code on any computer running QuickTime 7.2 or later, and that a working proof-of-concept set of code being circulated on the internet. Computerworld reports that the bug was originally posted on, and that the exploit code had worked when tested against Windows XP and later in Vista. Mac OS X 10.4 Tiger and 10.5 Leopard are said to be vulnerable as well, but took considerably more time for researches to craft a reliable, working exploit.



Connect with Us

Free Technology and Gadgets Newsletter

  • We will not share your email address with anyone.

    Follow us on Facebook


    Most Popular


    Recent Reviews

    Samsung Galaxy S6 Edge

    The Samsung Galaxy S6 range is a critical component in Samsung's flagging smartphone strategy. With sales of its high-end smartphones ...

    Notti smart lamp from Witti

    Perhaps you've already seen our review of the Dotti LED display from Witti Design. Meet Notti, Dotti's "sibling". Notti is a softball ...

    Seagate Personal Cloud (2-Bay)

    When it comes to backing up files, many users are now looking to the myriad of cloud storage solutions available. There is no doubt th ...



    Most Commented


    Popular News