The PureVPN client for Windows is impacted by two vulnerabilities that result in user credential leak, a Trustwave security researcher has discovered. The bugs, Trustwave’s Manuel Nader says, may allow a local attacker to retrieve the stored password of the

A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8. Discovered by white hat hacker Jann Horn, the

The Port of San Diego recently disclosed that it was hit by a cyberattack that impacted the firm’s IT systems. In an announcement, it revealed that an unknown ransomware variant was caused this incident. The firm is currently investigating the

Facebook has suffered an attack that exposed 50 million people’s personal accounts, the company has admitted. A vulnerability in the social network’s code meant that hackers could take over people’s log-ins and see their most private information, the company said.

Microsoft said that it’s working on a fix for a zero-day flaw in its JET Database Engine. A Microsoft zero-day has been uncovered that could allow remote code-execution; and as of now, it remains unpatched. According to Trend Micro’s Zero

Sharp-eyed researchers have spotted a critical vulnerability in numerous surveillance devices from the video management company NUUO. We’ve seen this before: In 2016, multiple critical vulnerabilities in NUUO devices were publicized in an excruciatingly public way. The latest — a

The covert banking Trojan DanaBot uncovered by Proofpoint in May 2018 when it began targeting Australia and Poland via malicious URLs has now moved to Europe, with new e-mail campaigns affecting Italy, Austria, Germany, and Ukraine. According to an analysis

The Port of Barcelona was Thursday morning the target of a cyberattack that affected some of its servers and systems, forcing the organization to launch the contingency plan designed specifically for these incidents. Details about the incident are scarce, and

A Latvian hacker convicted of crimes relating to running the for-profit malware scanning site “Scan4You” was sentenced to 14 years in prison on Friday. Ruslan Bondars, 37, was convicted earlier this year on three charges, including violation of the Computer

The security and privacy issues with APIs and third-party app developers are something that’s not just Facebook is dealing with. A bug in Twitter’s API inadvertently exposed some users’ direct messages (DMs) and protected tweets to unauthorized third-party app developers

An airport spokesman said the information screens were taken offline early on Friday to contain an attack similar to so-called “ransomware”. They are now working again at “key locations” including in departures and arrivals, and work is continuing to get

In 2016, Apple’s head of security surprised the attendees of one of the biggest security conference in the world by announcing a bug bounty program for Apple’s mobile operating system iOS. At the beginning, Apple struggled to woo researchers and

Hundreds of millions of records were exposed after a MongoDB server belonging to disaster-recovery firm Veeam was left misconfigured, researchers found. The open server contained a 200-gigabyte database with millions of records. Researcher Bob Diachenko, who discovered the misconfiguration, said

The airline said information like name, address and bank card details like CVC code were compromised. British Airways said approximately 380,000 card payments were compromised after a security breach occurred on the company’s website and mobile app in August. According

Zerodium, the infamous exploit vendor that earlier this year offered $1 million for submitting a zero-day exploit for Tor Browser, today publicly revealed a critical zero-day flaw in the anonymous browsing software that could reveal your identity to the sites

Two high-severity vulnerabilities have been disclosed in Cisco’s security platform that could allow an attacker to gain administrative privileges – and take full control of the impacted machine. The glitches, disclosed Wednesday, affect two parts of Cisco Umbrella, a secure