exploit

New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones

exploit, iPhone, Mobile & Wireless, USB, Usbliter8 /

New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones 2026-06-22 at 13:03 By Eduard Kovacs The vulnerability exploited by the Usbliter8 exploit cannot be patched and a PoC exploit has been released by researchers. The post New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones appeared first on SecurityWeek. This article is an […]

New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones Read More »

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)

0-day, Don't miss, exploit, Hot stuff, Microsoft, Microsoft Defender, News, vulnerability disclosure /

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) 2026-06-17 at 14:26 By Zeljka Zorz Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, which has been assigned

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) Read More »

Attackers are exploiting FortiSandbox vulnerabilities

Defused, Don't miss, exploit, Fortinet, Hot stuff, News, sandbox, vulnerability /

Attackers are exploiting FortiSandbox vulnerabilities 2026-06-16 at 18:27 By Zeljka Zorz Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger automated responses. The warning came on Monday from threat intelligence company Defused, which said

Attackers are exploiting FortiSandbox vulnerabilities Read More »

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation

AI, Artificial Intelligence, exploit, Mythos, Vulnerabilities, vulnerability /

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation 2026-06-09 at 18:18 By Ionut Arghire Public LLM models with safeguards turned off can also build working exploits, increasing patch gap risks. The post Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Claude Mythos Turns N-Days Into N-Hours With Rapid Exploit Creation Read More »

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245)

0-day, APT, Cisco, Don't miss, exploit, Hot stuff, Mandiant, News, SD-WAN /

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) 2026-06-05 at 15:49 By Zeljka Zorz A 0-day privilege escalation vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that has yet to be patched by Cisco is being leveraged by attackers. “To exploit this vulnerability, an attacker must have netadmin privileges on an affected system. This would require

Cisco SD-WAN 0-day exploited, no patch available (CVE-2026-20245) Read More »

Exploit Code Published for Critical Flowise RCE Vulnerability

CVE-2026-40933, exploit, Featured, Vulnerabilities, vulnerability /

Exploit Code Published for Critical Flowise RCE Vulnerability 2026-05-30 at 18:55 By Ionut Arghire The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek. This article is an excerpt from

Exploit Code Published for Critical Flowise RCE Vulnerability Read More »

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

CVE, Don't miss, exploit, Hot stuff, Microsoft, News, PoC, vulnerability disclosure, Windows, Windows Server /

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) 2026-05-20 at 11:49 By Zeljka Zorz Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Read More »

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945)

Don't miss, exploit, Hot stuff, News, Nginx, PoC, VulnCheck, vulnerability /

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) 2026-05-18 at 16:32 By Zeljka Zorz A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday. The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote

Attackers are exploiting critical NGINX vulnerability (CVE-2026-42945) Read More »

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE

exploit, MiniPlasma, unpatched, Vulnerabilities, vulnerability, Windows /

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE 2026-05-18 at 13:58 By Ionut Arghire The researcher dropped the MiniPlasma exploit that uses the original proof-of-concept (PoC) code targeting the bug. The post Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Researcher Drops MiniPlasma Windows Exploit for Unpatched 2020 CVE Read More »

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026 

Artificial Intelligence, exploit, Featured, hacking contest, Pwn2Own, Pwn2Own Berlin, Vulnerabilities /

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026  2026-05-18 at 08:02 By Eduard Kovacs Participants demonstrated exploits for Windows, Linux, VMware, Nvidia, and AI products. The post Hackers Earn $1.3 Million at Pwn2Own Berlin 2026  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Hackers Earn $1.3 Million at Pwn2Own Berlin 2026  Read More »

PoC Code Published for Critical NGINX Vulnerability

exploit, Nginx, PoC, Vulnerabilities, vulnerability /

PoC Code Published for Critical NGINX Vulnerability 2026-05-16 at 14:43 By Ionut Arghire Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. The post PoC Code Published for Critical NGINX Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

PoC Code Published for Critical NGINX Vulnerability Read More »

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300)

containers, Don't miss, exploit, Hot stuff, Linux, News, PoC, servers, vulnerability /

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) 2026-05-14 at 17:34 By Zeljka Zorz Researchers have found and disclosed yet another local privilege escalation (LPE) vulnerability in the Linux kernel: CVE-2026-46300, aka “Fragnesia”. The flaw is in the same class of vulnerabilities as the recently disclosed Dirty Frag bug(s). Like

Fragnesia: New Linux kernel LPE bug was spawned by Dirty Frag patch (CVE-2026-46300) Read More »

Google researchers uncover criminal zero-day exploit likely built with AI

0-day, AI, APT, attack, cybercrime, cybersecurity, Don't miss, exploit, Google, Google Cloud, Hot stuff, Mandiant, News, report, Russian Federation, threats /

Google researchers uncover criminal zero-day exploit likely built with AI 2026-05-11 at 16:48 By Mirko Zorz Google’s threat intelligence researchers have linked a zero-day exploit to AI-assisted development by a criminal group. The exploit targeted a popular open-source web-based system administration tool. It allowed attackers to bypass two-factor authentication once they had valid user credentials.

Google researchers uncover criminal zero-day exploit likely built with AI Read More »

Google Detects First AI-Generated Zero-Day Exploit

AI, Artificial Intelligence, exploit, Google /

Google Detects First AI-Generated Zero-Day Exploit 2026-05-11 at 16:48 By Eduard Kovacs The zero-day was designed to bypass 2FA and it was developed by a prominent cybercrime group. The post Google Detects First AI-Generated Zero-Day Exploit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Google Detects First AI-Generated Zero-Day Exploit Read More »

Dirty Frag: Unpatched Linux vulnerability delivers root access

cybersecurity, Don't miss, exploit, Hot stuff, Linux, News, vulnerability /

Dirty Frag: Unpatched Linux vulnerability delivers root access 2026-05-08 at 18:03 By Zeljka Zorz A week after Copy Fail, another Linux local privilege escalation vulnerability dubbed “Dirty Frag” has been revealed, along with a PoC exploit. What is Dirty Frag In effect, Dirty Frag refers to two flaws: A xfrm-ESP Page-Cache Write vulnerability (CVE-2026-43284, aka

Dirty Frag: Unpatched Linux vulnerability delivers root access Read More »

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431)

containers, Don't miss, exploit, Hot stuff, Linux, News, PoC, Red Hat, SUSE, Theori, Ubuntu, vulnerability /

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) 2026-04-30 at 15:31 By Zeljka Zorz Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel. The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit

Nine-year-old Linux kernel flaw enables reliable local privilege escalation (CVE-2026-31431) Read More »

New Mirai variants target routers and DVRs in parallel campaigns

Akamai, botnet, consumer, DDoS, Don't miss, DVR, end of support, enterprise, exploit, Fortinet, Hot stuff, Internet of Things, Malware, News, router, SMBs /

New Mirai variants target routers and DVRs in parallel campaigns 2026-04-22 at 16:42 By Zeljka Zorz Hidden inside newly discovered botnet malware is an unusual message from its creator: “AI.NEEDS.TO.DIE”. Dubbed “tuxnokill” by researchers at Akamai, the malware is one of two fresh Mirai botnet variants documented this month by major cybersecurity firms and, judging

New Mirai variants target routers and DVRs in parallel campaigns Read More »

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild

0-day, Don't miss, exploit, Hot stuff, Huntress, Microsoft, Microsoft Defender, News, PoC /

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild 2026-04-17 at 14:32 By Zeljka Zorz The security researcher who earlier this month published a proof-of-concept (PoC) exploit for a zero-day privilege escalation vulnerability in Microsoft Defender is back with two more. The first, dubbed “RedSun,” is another privilege escalation flaw

Researcher drops two more Microsoft Defender zero-days, all three now exploited in the wild Read More »

Acrobat Reader zero-day exploited in the wild for many months

0-day, Adobe, Adobe Reader, Don't miss, exploit, Expmon, Hot stuff, News, PDF /

Acrobat Reader zero-day exploited in the wild for many months 2026-04-09 at 15:44 By Zeljka Zorz Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered. PDF files carry the exploit Haifei Li is one of the creators of EXPMON, a sandbox-based

Acrobat Reader zero-day exploited in the wild for many months Read More »

Scroll to Top