A critical remote code execution vulnerability affecting popular web application framework Apache Struts has been discovered. The vulnerability is in the core of the application and exists due to insufficient validation of user-provided untrusted inputs under certain configurations. This vulnerability is identified by CVE-2018-11776. This Remote Code Execution vulnerability poses a huge risk as the […]

Read More →

Microsoft Edge and Mozilla Firefox browsers have been identified to have a severe bug that can allow remote attackers to steal the data of the users. If a user visits a malicious website, the website can steal the sensitive content of the user’s online accounts from other websites where the user have logged-in the same browser. The […]

Read More →

A new critical Adobe Flash Player zero-day vulnerability has been reported in the wild. The vulnerability identified as CVE-2018-4878  is currently believed to be actively being exploited against South Koreans. According to the South Korean Computer Emergency Response Team which discovered the zero-day, the zero-day is believed to be a Flash SWF file embedded in MS Word documents. An attacker just […]

Read More →

Oracle Micros POS is a hospitality management platform providing enterprise point-of-sale (POS) and back-office functionality to support a wide range of food and beverage operations. Oracle’s MICROS has more than 330,000 cash registers worldwide and currently, Oracle is the third-largest provider of PoS software on the market. Oracle in January 2018 as part of their quarterly patching […]

Read More →

A serious security flaw affecting all versions of Microsoft Office has been discovered by security researcher Lino Antonio Buono. The flaw is within the legitimate feature of Microsoft Office allowing malicious actors to create and spreads macro-based self-replicating malware. The flaw takes advantage of fact that a registry key value dictates whether external (or untrusted) macros can […]

Read More →

Adobe has released a critical security patch (APSB17-32) for Adobe Flash Player. This update addresses a critical type confusion vulnerability that could lead to code execution. Windows, Macintosh and Linux operating systems are affected. This vulnerability is identified with CVE-2017-11292. A security researcher from Kaspersky Labs have uncovered this new zero-day remote code execution vulnerability […]

Read More →