Homeland Security Today

Microsoft Edge Browser Permission Backdoor Can Allow Remote Attacks to Steal Data

It has been nearly a week since security researcher John Page reported that he had found an Internet Explorer XML eXternal Entity (XXE) vulnerability. A new layer of this vulnerability has been ...
Threat Post

Researcher Says NSA’s Ghidra Tool Can Be Used for RCE

Researchers have released a proof-of-concept showing how a XXE vulnerability can be exploited to attack Ghidra project users. Ghidra, a free, open-source software reverse-engineering tool that was ...
Bleeping Computer

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ...
Dark Reading

Patch Now: OpenNMS Bug Steals Data, Triggers Denial of Service

Maintainers of OpenNMS patched a high-severity vulnerability in both the community-supported and subscription-based versions of the widely used open source network monitoring software. The XML ...