Threat Post

Apache Tomcat Exploit Poised to Pounce, Stealing Files

Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers. A vulnerability in the popular Apache Tomcat web server is ripe for active attack, ...
CSO Online

Webrat turns GitHub PoCs into a malware trap

The known RAT aimed at gamers is now targeting security professionals searching GitHub for PoCs and exploit codes.
Dark Reading

Microsoft Office Files Most Popular for Exploit Tests

Security researchers who analyzed attackers' exploit testing process concluded that exploits never go out of style. Many can remain popular and reliable tools over time, partly due to dependence on ...
Digital Trends

Internet Explorer zero-day exploit makes files vulnerable to hacks on Windows PCs

There were already a number of reasons to not use Internet Explorer. But if you needed another one, here it is. According to ZDNet, a security researcher named John Page has published evidence of an ...
Bleeping Computer

New Windows Zero-Day Bug Helps Delete Any File, Exploit Available

Proof-of-concept code for a new zero-day vulnerability in Windows has been released by a security researcher before Microsoft was able to release a fix. The code exploits a vulnerability that allows ...
CRN

Criminals Launch Exploit Of Microsoft Access Database Files

U.S. CERT issued a brief warning on its Web site Monday stating that the organization was "aware of active exploitation using malicious Microsoft Access databases." The U.S. CERT is the operational ...
Bleeping Computer

File Inclusion Bug in Kibana Console for Elasticsearch Gets Exploit Code

Exploit code has been published for a local file inclusion (LFI) type of vulnerability affecting the Console plugin in Kibana data visualization tool for Elasticsearch; an attacker could use this to ...
Ars Technica

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April

The file is named .RAR to make it look like you need a RAR utility to open it. Once WinRAR opens it it identifies it as a ZIP file. The write up doesn't fully describe the bug but it looks like an ...
ZDNet

Hacker finds a way to exploit PDF files, without a vulnerability

A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever ...
Forbes

New Windows 10 Security Exploit Can Read All Your Files -- What You Need To Know

A security researcher going by the name of SandboxEscaper has posted a proof of concept demo for a Windows zero-day exploit online. This local privilege escalation (LPE) exploit is the fifth in a ...
PC World

Researchers find previously unknown exploits among Hacking Team’s leaked files

Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already ...