Researchers at Specops have updated their study on cracking passwords hashed with bcrypt. Two years earlier they published similar findings, but the hardware landscape has shifted dramatically since: the AI boom and surging compute...
Microsoft researchers have unveiled Sploitlight, a practical technique for bypassing macOS’s TCC protections by abusing Spotlight plugins—an exploit that can siphon data from protected databases, including those that feed Apple Intelligence features. The study...
Researchers at TyphoonPWN, participating in the TyphoonPWN 2025 contest, uncovered a critical flaw in LG WebOS firmware that permits total takeover of a television — from unauthorized file downloads to webcam access, application installation,...
Google has released a new security update for the Chrome browser, addressing four vulnerabilities at once. Particular emphasis was placed on a zero-day flaw already observed in active exploitation: CVE-2025-10585, a type confusion error...
Developers of the PureHVNC remote-access trojan have adopted a new level of concealment, brazenly using GitHub to host source code and modules for their malicious toolkit. That is the conclusion of Check Point Research...
Researchers at SySS GmbH have disclosed a critical vulnerability in the Windows Boot Manager dubbed BitPixie. The flaw permits attackers to bypass BitLocker protections and attain full administrative access to a system. At the...
The newly discovered Python trojan XillenStealer, identified by researchers at Cyfirma, poses a grave threat to Windows users. Engineered to harvest system information, stored credentials, and cryptocurrency wallets, it also bundles an array of...
Microsoft, in collaboration with Cloudflare, has carried out a sweeping operation against RaccoonO365, a Phishing-as-a-Service (PhaaS) platform widely exploited to steal Microsoft 365 credentials across the globe. Through coordinated action, 338 domains were seized,...
LDAP Nom Nom Anonymously bruteforce Active Directory usernames from Domain Controllers by abusing LDAP Ping requests (cLDAP) Looks for enabled normal user accounts. No Windows audit logs were generated. High-speed ~ up to 10K/sec...
A Yandex information security specialist has identified and helped eliminate a high-severity vulnerability in the Chromium project code, the foundation of many modern browsers. The flaw could have allowed attackers to execute actions within...