Critical libssh2 vulnerability: Proof-of-concept exploit released

The libssh2 library, which is widely used, contains a critical security vulnerability. A published proof-of-concept exploit ...

New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available

Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with ...
The Hacker News

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Paradigm Shift’s usbliter8 exploit targets Apple A12 and A13 SecureROM via USB DFU mode, creating an unpatchable hardware ...

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact.
TweakTown

WinRAR 'high-risk' exploit discovered, make sure you update to the latest release

'RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability' can place files in the Windows Startup folder and cause real damage. TL;DR: WinRAR has a critical security vulnerability ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM tools never tracked.

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
Hosted on MSN

DarkSword code leak raises iPhone hacking risk; experts urge updates

A vulnerability tracked as CVE-2025-31277 is listed in the National Vulnerability Database (NVD) with affected Apple platforms that include iOS, iPadOS, macOS, Safari, tvOS, watchOS, and visionOS. The ...
Bleeping Computer

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...
Hosted on MSN

A critical Apache HTTP/2 flaw gives attackers a working proof-of-concept for remote code execution on millions of servers

A vulnerability in Apache HTTP Server’s HTTP/2 protocol handling now has working exploit code circulating among security researchers, and at least one U.S. state government has issued an emergency ...
Infosecurity-magazine.com

Malicious VS Code Extensions Exploit Name Reuse Loophole

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.
Infosecurity-magazine.com

61% of Hackers Use New Exploit Code Within 48 Hours of Attack

In 2024, cyber-criminals have launched attacks within 48 hours of discovering a vulnerability, with 61% of hackers using new exploit code in this short timeframe. Companies faced an average of 68 days ...