Supermicro server motherboards contain critical vulnerabilities in their Baseboard Management Controller (BMC): researchers at Binarly discovered a way to install malicious firmware that executes before the operating system and is effectively irreversible. Reportedly, one...
A critical vulnerability, CVE-2025-10184, has been identified in the OxygenOS operating system used on OnePlus smartphones, allowing any application on the device to read the contents of SMS messages and related metadata without requesting...
Cisco has released security updates addressing a zero-day in IOS and IOS XE that is already being exploited in the wild. CVE-2025-20352 is a stack-based buffer-overflow in the SNMP subsystem that affects any device...
Researchers at the University of Waterloo have demonstrated that even when encryption is employed, the actions of robotic assistants can be inferred with near-perfect accuracy. Their study revealed that by analyzing network traffic, it...
Researchers from VUSec, together with engineers at Google, have published a detailed account of a newly identified chain of vulnerabilities and the exploit known as “L1TF Reloaded,” which targets Intel processors from the Skylake...
Researchers at SPLX have demonstrated that ChatGPT can be deceived with carefully crafted prompts and compelled to solve CAPTCHA tests — a task long considered the exclusive domain of humans. This experiment casts doubt...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about two distinct malware frameworks uncovered within the network of an unnamed organization, following the exploitation of newly disclosed vulnerabilities in Ivanti...
OpenAI has patched a critical vulnerability known as ShadowLeak, which allowed its cloud-based agent Deep Research to silently siphon personal data from connected sources and exfiltrate it to external servers—even without the victim opening...
Microsoft narrowly avoided a vulnerability that could have led to the mass compromise of its cloud customers: Dutch researcher Dirk-jan Mollema uncovered two interrelated flaws in the Entra ID identity management service (formerly Azure...
Researchers from the ByteRay team have disclosed a critical vulnerability in TP-Link routers that enables remote execution of arbitrary code by bypassing Address Space Layout Randomization (ASLR). Tracked as CVE-2025-9961 (CVSS score: 8.6), the...
An independent researcher named Andreas, author of the blog Anagogistis, has uncovered severe vulnerabilities in the Linux clients of PureVPN, flaws that undermine the very foundations of anonymity and traffic protection. The issues affect...
Microsoft researchers have unveiled Sploitlight, a practical technique for bypassing macOS’s TCC protections by abusing Spotlight plugins—an exploit that can siphon data from protected databases, including those that feed Apple Intelligence features. The study...
