Tag: DEF CON
-

Major Flaw Exposes Password Managers to “One-Click” Data Theft
Popular browser extensions used for password management have been found vulnerable to a novel attack technique known as DOM-based extension clickjacking. The method was unveiled by independent researcher Marek Tot at DEF CON 33. According to him, an attacker needs only to craft a malicious website with a counterfeit pop-up window: a single click on…
-

Your Windows System Is Not Safe: New ‘EPM Poisoning’ Attack Hijacks RPC Protocol
Security experts at SafeBreach have disclosed the details of a vulnerability in the Windows Remote Procedure Call (RPC) protocol, patched by Microsoft in the July 2025 security update. Tracked as CVE-2025-49760 with a CVSS score of 3.5, the flaw allowed an attacker to perform spoofing attacks, impersonating a legitimate server through the Windows Storage mechanism.…
-

New ‘Win-DDoS’ Attack Turns Windows Servers Into a Global Botnet
At DEF CON 33, researchers from SafeBreach unveiled a new attack technique dubbed Win-DDoS, capable of transforming thousands of publicly accessible domain controllers (DCs) worldwide into a powerful botnet for large-scale DDoS attacks. The method requires no hardware purchase, code injection, or system compromise—making it exceptionally dangerous and leaving virtually no trace. Win-DDoS exploits a…
-

Your Webcam Can Be a Hacker’s Weapon: New ‘BadCam’ Attack Hijacks Lenovo Devices
Researchers at Eclypsium have uncovered critical vulnerabilities in the Lenovo 510 FHD and Lenovo Performance FHD webcams that allow them to be transformed into BadUSB-style attack devices. The issue, dubbed BadCam, was presented at DEF CON 33 and is believed to be the first documented case in which a Linux-based device, already connected to a…
