Cross-site scripting vulnerabilities are easy to exploit. The best way to prevent exploitation is by applying input and output sanitisation as well as ensuring the security basics are carried out.
Hackers were able to gain unauthorised access to the IT platform of Rail Europe's e-commerce websites for three long months before the firm was alerted to a possible breach by one of its banks.
A security vulnerability has been discovered in a software framework used by web apps that could enable hackers to execute remote code. The problem could affect many web apps that use the framework.
Privilege escalation and cross-site scripting vulnerabilities have been discovered that allow WiFi network takeover; with mitigations for all the vulnerabilities difficult, patching is required.
Critical vulnerability allows attackers to bypass authentication. Security researchers have found flaws in fibre-optic broadband routers that enable hackers to bypass security and take over devices.
PUBG (PlayerUnknown's Battlegrounds) Corp. announced the arrest of 15 hackers in China who were accused of developing, selling, promoting, and using unauthorised hacking/cheating programs on the platform.
Security researchers have found a flaw in Windows that could allow hackers to crash a system when they insert a USB stick with specially crafted code. The problem happens even when Windows is locked.
71 percent of hackers say they can breach the perimeter of a target within 10 hours, and 100 percent within 15, according to the latest 'Black Report' from Nuix, surveying hacker method and motivation.
Security researchers have found a flaw in the emergency alert warning siren system used by many local authorities; the sirens could be sounded by hackers, research finds.
US Homeland Security warned Russian state actors behind attacks on US energy grid. Security researchers have warned that hackers are using badly-configured Cisco switches to gain entry into the infrastructure of organisations.
Nearly 70 percent of successful ransomware attacks in 2017 were the result of hackers gaining access to enterprise networks by phishing via email or social media networks.
Amidst a major rise in zero-day malware attacks in Q4 2017, researchers have observed how hackers are increasingly using Microsoft Office documents as carriers to deliver malicious payloads in enterprise systems.
Fancy Bear hackers are suspected of launching a foiled cyber-attack on the UK's Anti-Doping Agency.
The US Dept of Justice has charged nine Iranians from the Mabna Institute with stealing more than 31 terabytes of files from US, UK and other universities, companies, government agencies and non-governmental organisations.
The rising capabilities of Iranian hackers came to the fore in 2017 when hacker groups like Helix Kitten, Charming Kitten, and Volatile Kitten launched several crippling cyber-attacks on Saudi Arabian entities.
Gwent Police failed to inform up to 450 people that hackers may have accessed their confidential information after it found that an online tool that allowed citizens to report incidents to the Police was exposed to hackers.
The hackers who injected malicious code into a version of computer maintenance app CCleaner last year may have been preparing to deliver third-stage malware to some of the 2.27 million computers that had downloaded it.
The Hacking Team is back: previously unreported samples of its infamous surveillance tool, the Remote Control System (RCS), were spotted in the wild throughout fourteen countries, according to ESET researchers.
Security researchers recently uncovered a phishing campaign that suspected Korean hackers had, since August 2017, unleashed on humanitarian aid organisations by using topics on North Korean politics.
Made to order certificates available on the dark web. Security researchers have discovered that hackers are able to obfuscate malware through code signing and SSL certificates.
An easy-to-exploit bug has left Tinder accounts and private chats exposed to hackers, revealed a researcher this week.
Hacker group Lazarus has renewed a phishing campaign it launched, but instead of injecting malware to access enterprise IT environments, the group is now injecting implants to identify those running Bitcoin-related software.
Warnings that the 2018 Winter Olympic Games would be the target for hackers came true almost immediately as the Pyeongchang computer system was hit with a "destroyer" cyber-attack knocking its website and other services offline.
Hackers are increasingly turning to server-side attacks, according to a new report. Report notes fall in use of client-side exploit kits.
NSA exploits stolen by hacker Shadow Brokers can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10 - so deploy the MS17-010 security update from Microsoft as soon as possible.
Sophisticated implants such as Gold Dragon, Brave Prince, Ghost419, and RunningRat allow hackers to steal sensitive data from systems owned by organisations involved with the Winter Olympics in South Korea.
DCShadow attack allows installation of backdoor. Hackers could set up their own fake domain controller in an existing corporate network to distribute malware and leave a backdoor.
Hackers could run code on VPN box. Cisco has confirmed a critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), one of the most widely-deployed SSL VPNs on the market.
On Sunday it was announced that Coincheck Inc would return 46.3 billion Yen (£302 million) of virtual money to its owners after hackers stole the amount last week in one of the biggest-ever virtual money thefts, according to Reuters.