A security vulnerability in Facebook’s Messenger Rooms video chat feature meant attackers could access a victim’s private Facebook photos and videos, and submit posts, via their locked Android screen.

The vulnerability could lead to the exfiltration of data and traffic, the hijack of other administrator accounts, and the deployment of malware such as keyloggers, backdoors, and more.

The US Cybersecurity and Infrastructure Security Agency (CISA) has launched its first federal civilian security vulnerability disclosure program (VDP) in partnership with Bugcrowd.

Security researchers have revealed the details of two vulnerabilities in Joomla – the popular content management system – which, if chained together, could be used to achieve full system compromise.

Up to a third of all security flaws reported to organizations with no vulnerability disclosure policy (VDP) are not being patched due to failings in the disclosure process, a new report suggests.

Hyperkitty, a web interface for the popular open source mailing list and newsletter management service Mailman, has patched a critical bug that revealed private mailing lists while importing them.

Fedena, an open-source school and college management system, contains seven security vulnerabilities, including two critical vulnerabilities that can be exploited without authentication.

The bug was initially reported as high severity. But Sijie Guo, a member of the Apache Pulsar Project Management Committee (PMC), told The Daily Swig that the real-world impact of the bug is minimal.

Unauthenticated attackers can achieve RCE on vulnerable clients by combining a reflected cross-site scripting (XSS) bug with a Chromium Embedded Framework (CEF) sandbox escape.

The EPUB format relies primarily on XHTML and CSS to construct e-books, with browser engines often used to render their contents, which leads to browser-like vulnerabilities.