Dark Reading

Stealth Bomber: Atlassian Confluence Exploits Drop Web Shells In-Memory

Fresh proof-of-concept (PoC) exploits are circulating in the wild for a widely targeted Atlassian Confluence Data Center and Confluence Server flaw. The new attack vectors could enable a malicious ...
CSO Online

Drupal admins rushing to patch maximum severity SQL injection vulnerability

In its warning, Drupal said a vulnerability in this API allows an attacker to send specially crafted requests resulting in ...
Bleeping Computer

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application ...
Computerworld

Web attack toolkit exploits unpatched Microsoft XML flaw

An exploit for an unpatched vulnerability in the Microsoft XML Core Services (MSXML) has been incorporated into Blackhole, one of the most widely used Web attack toolkits, according to security ...
CSOonline

Clop ransomware gang exploits the MOVEit Transfer vulnerability to steal data

More information is coming to light after news last week that a critical vulnerability in a secure file transfer Web application called MOVEit Transfer was being exploited by hackers. Microsoft tied ...
Dark Reading

New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days

Gray-market exploit brokers are alive and kicking, with the latest sign of this flourishing market coming in the form of a bidding war for Signal messaging app zero-days from a relatively new entrant.
Network World

All-out blitz against Web app attacks

Armed with Web application firewalls, intrusion-protection systems and vulnerability scanners, companies can defend against app-level cyberattacks. After nearly 20 years of selling software to the ...