A heap buffer-overflow flaw (CVE-2020-15960) in storage in Google Chrome could allow a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server.

Hackers have released the source code of the Cerberus Android banking trojan in public after their planned auction turned out a dud; its base price was $50,000.

IBM reported about the botnet that uses command injection attacks to gain initial access to devices. It was behind 90% of the IoT network traffic observed between October 2019 and June 2020.

Windows users looking to install a VPN app are in danger of downloading one that’s been bundled with a backdoor, Trend Micro researchers warn.

Online retailers, particularly those still using the Magento 1 e-commerce platform, need to take action fast to update their security posture, according to Sonassi, which hosts Magento.

Cybersecurity researcher George Skouroupathis uncovered a flaw in Cloudflare's Web Application Firewall (WAF) SQL injection protection mechanism.

The plugin developers have revealed for the third time a security patch to address two high-severity cross-site scripting (XSS) flaws that could be exploited by an attacker to hijack a targeted site.

The flaw is classed as an unauthenticated RCE vulnerability in Aruba ClearPass Policy Manager, which acts as a secure access gatekeeper for IoT, BYOD, and guest devices on corporate networks.

A carryover function in the node-forge JavaScript library contains a flaw that could allow attackers to carry out prototype pollution attacks against applications, according to an advisory on GitHub.