Security researcher Ed Foudil proposed adding a security.txt to every website to standardize the process of reporting vulnerabilities.
IBM X-Force reported a downward trend in publicly available exploit code, but security teams must still prioritize vulnerability and patch management.
A new vulnerability called ROPEMAKER could enable threat actors to replace a benign URL with a malicious one after an email has already been sent.
New research revealed that the threat actors behind the recent NotPetya wiperware attacks had established three backdoors in the M.E.Doc servers.
Attackers could exploit a vulnerability known as the Stack Clash bug to gain full root privileges, according to researchers at security firm Qualys.
To defend your infrastructure against future exploits, it's critical to disable the insecure original version of the SMB protocol.
Kapersky Labs explained that the life of a computer worm exploit doesn't end with the release of a security patch. Stuxnet is one example.
Researchers from enSilo may have too much time on their hands: Instead of putting out fires, they came up with a method to nuke Windows security. To make it worse, this attack vector cannot be patched because of how it uses Windows atom tables,...
As if to celebrate its two-year anniversary, Shellshock, one of the most infamous bugs of 2014, ramped up its activity in September.
Cybercriminals use code hooking to intercept OS function calls to alter or augment their behavior. The technique is becoming more popular and dangerous.