The newly expanded Facebook bug bounty program sniffs out access token exposure flaws. Go to Source

Old instances of the popular WordPress Duplicator Plugin are leaving sites open to remote code execution attacks. Go to Source

The attack stems from a glitch in WebKit, an HTML layout browser engine in Apple’s Safari browser. Go to Source

The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years. Go to Source

The rules would apply to all hosting service providers offering services in the E.U., regardless of size, even if they’re not based there. Go to Source

Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through… Five Weakest Links in Cybersecurity That Target the Supply Chain

The threat group has racked up a list of victims including Feedify, Groopdealz and British Airways. Go to Source

Microsoft’s September Patch Tuesday release tackles a vulnerability actively being exploited in the wild. Go to Source

The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world. Go to Source

The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution. Go to Source