SonicWall advises organizations to patch SMA 100 appliances and look for IoCs associated with Overstep malware attacks.

Cisco also uncovered four use-after-free flaws that can be leveraged to execute arbitrary code in the JavaScript engine of Foxit PDF Reader, including one (CVE-2018-3964) that leverages the ...

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. Bill Toulas; March 12, 2025 ...

Blocking JavaScript execution results in an immediate boost to a users' security, as none of that code will be able to execute. Also: Russian election hacking hits a bump, but it's still going on CNET ...

In terms of the details, CVE-2018-16148 and CVE-2018-16147 are both cross-site scripting flaws that can be abused to execute malicious JavaScript code in the context of a legitimate user: The ...

Mozilla is leveraging an impressive new optimization technique to bring a big performance boost to the Firefox JavaScript engine. The code was merged today (but is not yet ready to be enabled by ...

Mozilla has introduced Firefox 141 – a security-focused update that addresses 18 newly disclosed vulnerabilities. They range ...

research on remote code execution through Intel CPU bugs at the upcoming Hack in the Box Security Conference in Malaysia. If his proof of concept code consisting of JavaScript or TCP/IP packet ...

JavaScript sinks are properties, functions and other client-side entities that that can lead to or influence client-side code execution. Here are some common exploitable JavaScript sinks: ...