The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick ...

There is currently an attack wave targeting devices with older iOS versions. Apple has commented on the effectiveness of a security feature in this context.

Centre for Israel and Jewish Affairs wrote to finance minister ahead of spring economic statement after report warned of possible extremist attack ...

The tool allows a hacker to steal messages, passwords, photos, location history, and even cryptocurrency wallets.

International conflicts in the physical world can lead to a spike in cyberattacks — both on government entities and on ...

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...

Discover 7 enterprise infrastructure tools that reduce engineering workload, speed deployment, and eliminate months of manual ...

Threat group TeamPCP exploited credentials stolen in the Trivy breach to push malicious versions of LiteLLM to PyPI, exposing ...

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by ...