The Hacker News

Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

Paradigm Shift’s usbliter8 exploit targets Apple A12 and A13 SecureROM via USB DFU mode, creating an unpatchable hardware ...

New Apple Exploit Exposes Millions of iPhones Worldwide, No Software Fix Available

Researchers disclosed usbliter8, a SecureROM exploit affecting older Apple devices that can bypass boot protections with ...

New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight

A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s ...

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...

Claude Code, Copilot and Codex all got hacked. Every attacker went for the credential, not the model.

Six teams exploited Claude Code, Copilot, Codex, and Vertex AI in nine months. Every attack hit runtime credentials that IAM tools never tracked.

New unpatchable exploit targets Apple devices with A12 and A13 chips

Researchers at Paradigm Shift have published the technical details of usbliter8, a new unpatchable iPhone BootROM ...
TweakTown

WinRAR 'high-risk' exploit discovered, make sure you update to the latest release

'RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability' can place files in the Windows Startup folder and cause real damage. TL;DR: WinRAR has a critical security vulnerability ...
Hosted on MSN

Fortinet discloses critical bug with working exploit code amid surge in brute-force attempts

Fortinet warned customers about a critical FortiSIEM bug that could allow an unauthenticated attacker to execute unauthorized commands, and said working exploit code for the flaw has been found in the ...
Bleeping Computer

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now

A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. The flaw was discovered by ...
Hosted on MSN

DarkSword code leak raises iPhone hacking risk; experts urge updates

A vulnerability tracked as CVE-2025-31277 is listed in the National Vulnerability Database (NVD) with affected Apple platforms that include iOS, iPadOS, macOS, Safari, tvOS, watchOS, and visionOS. The ...
Infosecurity-magazine.com

61% of Hackers Use New Exploit Code Within 48 Hours of Attack

In 2024, cyber-criminals have launched attacks within 48 hours of discovering a vulnerability, with 61% of hackers using new exploit code in this short timeframe. Companies faced an average of 68 days ...
Infosecurity-magazine.com

Malicious VS Code Extensions Exploit Name Reuse Loophole

A new campaign involving malicious Visual Studio Code (VS Code) extensions has exposed a loophole in the VS Code Marketplace that allows threat actors to reuse names of previously removed packages.