Microsoft researchers have unveiled Sploitlight, a practical technique for bypassing macOS’s TCC protections by abusing Spotlight plugins—an exploit that can siphon data from protected databases, including those that feed Apple Intelligence features. The study...
Researchers at TyphoonPWN, participating in the TyphoonPWN 2025 contest, uncovered a critical flaw in LG WebOS firmware that permits total takeover of a television — from unauthorized file downloads to webcam access, application installation,...
Google has released a new security update for the Chrome browser, addressing four vulnerabilities at once. Particular emphasis was placed on a zero-day flaw already observed in active exploitation: CVE-2025-10585, a type confusion error...
Researchers at SySS GmbH have disclosed a critical vulnerability in the Windows Boot Manager dubbed BitPixie. The flaw permits attackers to bypass BitLocker protections and attain full administrative access to a system. At the...
A Yandex information security specialist has identified and helped eliminate a high-severity vulnerability in the Chromium project code, the foundation of many modern browsers. The flaw could have allowed attackers to execute actions within...
Experts at Unit 42 have presented an analysis of vulnerabilities associated with the use of large language model–based coding assistants. These tools, integrated into IDEs such as GitHub Copilot, can perform a wide range...
Apple has released supplemental security updates for older iPhone and iPad models, addressing a zero-day vulnerability previously patched in the latest versions of iOS, iPadOS, and macOS. Tracked as CVE-2025-43300, the flaw stems from...
Researchers from Doyensec, together with an independent author known as BitsByWill, have publicly demonstrated a working exploitation chain that enables remote execution of code in the Linux kernel via KSMBD — the in-kernel SMB3...
Researchers from COMSEC, in collaboration with Google engineers, have uncovered a novel Rowhammer variant capable of circumventing protections in contemporary SK Hynix DDR5 modules — the flaw has been assigned CVE-2025-6202. The team demonstrated...
Samsung has released its September security updates for Android, addressing a critical zero-day vulnerability that had already been exploited in active attacks. The flaw, tracked as CVE-2025-21043 and rated 8.8 on the CVSS scale,...
A critical vulnerability has been uncovered—and almost immediately weaponized—in the IP telephony ecosystem through FreePBX. Signs of widespread compromise were first reported on August 21, 2025, when administrators began noticing identical symptoms and suspicious...
SAP has addressed two critical vulnerabilities in the NetWeaver Java application server that could allow attackers to execute arbitrary code and fully compromise affected systems. The security updates, released in September 2025, remediate CVE-2025-42922...
