Microsoft narrowly avoided a vulnerability that could have led to the mass compromise of its cloud customers: Dutch researcher Dirk-jan Mollema uncovered two interrelated flaws in the Entra ID identity management service (formerly Azure...
Researchers from the ByteRay team have disclosed a critical vulnerability in TP-Link routers that enables remote execution of arbitrary code by bypassing Address Space Layout Randomization (ASLR). Tracked as CVE-2025-9961 (CVSS score: 8.6), the...
An independent researcher named Andreas, author of the blog Anagogistis, has uncovered severe vulnerabilities in the Linux clients of PureVPN, flaws that undermine the very foundations of anonymity and traffic protection. The issues affect...
Microsoft researchers have unveiled Sploitlight, a practical technique for bypassing macOS’s TCC protections by abusing Spotlight plugins—an exploit that can siphon data from protected databases, including those that feed Apple Intelligence features. The study...
Researchers at TyphoonPWN, participating in the TyphoonPWN 2025 contest, uncovered a critical flaw in LG WebOS firmware that permits total takeover of a television — from unauthorized file downloads to webcam access, application installation,...
Google has released a new security update for the Chrome browser, addressing four vulnerabilities at once. Particular emphasis was placed on a zero-day flaw already observed in active exploitation: CVE-2025-10585, a type confusion error...
Researchers at SySS GmbH have disclosed a critical vulnerability in the Windows Boot Manager dubbed BitPixie. The flaw permits attackers to bypass BitLocker protections and attain full administrative access to a system. At the...
A Yandex information security specialist has identified and helped eliminate a high-severity vulnerability in the Chromium project code, the foundation of many modern browsers. The flaw could have allowed attackers to execute actions within...
Experts at Unit 42 have presented an analysis of vulnerabilities associated with the use of large language model–based coding assistants. These tools, integrated into IDEs such as GitHub Copilot, can perform a wide range...
Apple has released supplemental security updates for older iPhone and iPad models, addressing a zero-day vulnerability previously patched in the latest versions of iOS, iPadOS, and macOS. Tracked as CVE-2025-43300, the flaw stems from...