The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components.
Stories by Lucian Constantin
Attackers are still exploiting unaddressed vulnerabilities in an estimated 300,000 MikroTik routers. A new tool will detect compromised devices.
The botnet take-down is believed to be temporary as the criminal group has a back-up command-and-control mechanism based on Bitcoin blockchain.
Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available.
Researchers have discovered two dangerous vulnerabilities in HP multifunction printers that use its FutureSmart firmware, including one that is exploitable remotely.
Void Balaur will target individuals and organisations in Russian-speaking countries with an intimate knowledge of telecom systems.
The NUCLEUS:13 vulnerabilities can allow remote code execution or denial of service attacks. Billions of devices could be affected.
Researchers have reported 14 vulnerabilities in the BusyBox userspace tool that's used in millions of embedded devices running Linux-based firmware.
Security researchers demonstrated an attack chain against Nagios that combined multiple vulnerabilities to achieve remote code execution.
The criminals behind the Trojan have placed fully functional utilities that carry malicious code on the Google Play store in a way that evades detection.
A new Microsoft advisory claims Russia's Nobelium group is trying to gain long-term access to the technology supply chain and offers mitigation advice.
Researchers at Splunk outline a technique that could detect malicious activity in the software supply chain, but with some limitations.
One of the vulnerabilities patched by Microsoft has been exploited by a Chinese cyber-espionage group since at least August.
The MalKamak group has been running its Operation GhostShell campaign for at least three years unnoticed.
The FoggyWeb post-exploitation backdoor is persistent and steals configuration databases and security token certificates.
By Bharat Bedi, SolarWinds, Head of Sales, APJ