Researchers found a third of the top WordPress e-commerce plugins contain severe vulnerabilities tied to XSS cross-site scripting, SQL injection and file manipulation flaws.
In the wake of the Pentagon and Army bug bounties, the government continues to engage researchers with the publication of the DoD’s vulnerability disclosure program.
Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack.
Researchers have spotted an increase in Nemucod downloader infections moving via Facebook Messenger spam, with some victims being infected with Locky ransomware.
Drupal fixed a handful of issues in version 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition.
Qualcomm and HackerOne are partnering for a bug bounty program that pays out up to $15,000 for vulnerabilities found in chipsets used in smartphones made by Samsung, LG and HTC.