Researchers from Doyensec, together with an independent author known as BitsByWill, have publicly demonstrated a working exploitation chain that enables remote execution of code in the Linux kernel via KSMBD — the in-kernel SMB3...
Researchers from COMSEC, in collaboration with Google engineers, have uncovered a novel Rowhammer variant capable of circumventing protections in contemporary SK Hynix DDR5 modules — the flaw has been assigned CVE-2025-6202. The team demonstrated...
Samsung has released its September security updates for Android, addressing a critical zero-day vulnerability that had already been exploited in active attacks. The flaw, tracked as CVE-2025-21043 and rated 8.8 on the CVSS scale,...
A critical vulnerability has been uncovered—and almost immediately weaponized—in the IP telephony ecosystem through FreePBX. Signs of widespread compromise were first reported on August 21, 2025, when administrators began noticing identical symptoms and suspicious...
SAP has addressed two critical vulnerabilities in the NetWeaver Java application server that could allow attackers to execute arbitrary code and fully compromise affected systems. The security updates, released in September 2025, remediate CVE-2025-42922...
Researchers at ETH Zurich have unveiled a novel attack dubbed VMScape, bearing strong resemblance to Spectre and posing a significant threat to virtualization infrastructures. The attack enables a malicious virtual machine to extract cryptographic...
An unusual incident unfolded at the Spinoza campus in Amsterdam: an unknown intruder hacked into the digital payment system of five washing machines. For several weeks, students were able to use the machines free...
Researchers at Oligo Security have uncovered a vulnerability in Apple CarPlay that enables remote code execution with root privileges, granting attackers full control over a vehicle’s multimedia system. The flaw, registered as CVE-2025-24132, resides...
U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) demanding an investigation into Microsoft, accusing the company of “gross negligence” in the field of cybersecurity. The concern stems from...
In August 2024, SonicWall issued security advisory SNWLID-2024-0015, disclosing an improper access control vulnerability in SSLVPN across Gen5, Gen6, and Gen7 devices. The flaw enabled attackers to bypass restrictions and gain access under specific...