PHP unserialization attacks have been well known for some time, but a new exploitation method explained last week at Black Hat USA in Las Vegas demonstrated that the attack surface for PHP ...

A sophisticated, likely government-sponsored threat actor has been compromising major public and private organizations over the past year by exploiting deserialization flaws in public-facing ASP.NET ...

CISA has added a vulnerability — cataloged as CVE-2023-26359 — to the Known Exploited Vulnerabilities Catalog with a CVSS score of 9.8 due to active exploitation. The vulnerability is a ...

Windows internet-facing servers are being targeted by a new threat actor operating "almost completely in-memory," according to a new report from the Sygnia Incident Response team. The report said that ...

Cisco has disclosed a critical security flaw affecting its Cisco Security Manager software, along with two other high-severity vulnerabilities in the product. Cisco has flagged that the three security ...

Ransomware hackers have started exploiting one or more recently fixed vulnerabilities that pose a grave threat to enterprise networks around the world, researchers said. One of the vulnerabilities has ...

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ...

WordPress CMS installations are vulnerable to a PHP bug related to data deserialization (also known as unserialization), a security researcher has revealed at the start of the month. The bug has been ...

The cybercriminals are using a deserialization vulnerability, CVE-2019-18935, to achieve remote code execution before moving laterally through the enterprise. A Monero cryptocurrency-mining campaign ...