More than a million active websites use Drupal, making it the second most used content management system worldwide after WordPress. On March 28, 2018, Drupal released security patches for versions 6 to 8 suggesting to update immediately and marking the underlying vulnerability (CVE-2018-7600) as critical with remote code execution. The scanning and attacks on […]

Read More →

Today Microsoft released regular patches fixing a total of 75 vulnerabilities. Among these Microsoft rated 14 CVEs as Critical and rest 61 as Important. These vulnerabilities impact Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Exchange Server, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, and Microsoft Office Services and Web Apps. This Patch Tuesday major critical […]

Read More →

Start of this new year, Meltdown and Spectre kept us busy. Today Microsoft released regular patches fixing a total of 23 vulnerabilities. Among these Microsoft rated one CVE as Critical, 20 as Important, one as Moderate and last one as Low. Microsoft also released 2 advisories for Adobe and Microsoft Office. Out of these 23 […]

Read More →

Two new critical vulnerabilities have been discovered affecting every processor since 1995, which allow malicious programs to steal information from other programs memory. These vulnerabilities are named as Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). Meltdown and Spectre vulnerabilities affect all processors since 1995 including AMD, ARM, and Intel. These vulnerabilities allow an attacker to access […]

Read More →

Foxit reader is prone to two remote code execution zero day vulnerabilities, which are found by Steven Seeley (mr_me) and Ariele Caltabiano (kimiya). Both vulnerabilities are due to the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations and also launching of any executable files. User interaction is […]

Read More →

Adobe has released four security updates for Adobe Flash Player (APSB17-23), Adobe Experience Manager (APSB17-26), Adobe Acrobat and Reader (APSB17-24) and Adobe Digital Editions (APSB17-27) which covers a total of 80 CVE’s. Adobe Flash Player address a critical type confusion vulnerability that could lead to code execution and an important security bypass vulnerability that could […]

Read More →