Microsoft

AutoJack: How a single page can RCE the host running your AI agent

Ongoing research into AI agent framework security identified an exploit chain in AutoGen Studio (AutoGen’s open-source prototyping user interface) that allows untrusted web content rendered by a ...

Mandiant Identifies Zero-Day Exploitation Of Cisco SD-WAN Devices

Mandiant has published new research detailing how a sophisticated threat actor exploited a previously unknown vulnerability in Cisco Catalyst SD-WAN Manager to gain full root-level access to a ...
Microsoft

CNAPP evolution: How Microsoft aligns with leading cloud risk management platforms

Discover how Microsoft aligns with the next phase of CNAPP—helping organizations correlate signals, prioritize risk, and ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
SecurityWeek

macOS Weaknesses Chained to Silently Disable Endpoint Security Agents

A macOS attack technique allows a standard, non-administrative user account to silently disable enterprise endpoint security ...
Security Boulevard

Unpatchable usbliter8 Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

What happened Security researchers at Paradigm Shift published a working exploit called usbliter8 that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. SecureROM ...

Apple's A12 and A13 Chips Facing New Unpatchable Exploit

Security research firm Paradigm Shift today published details of a new BootROM vulnerability affecting Apple's A12 and A13 ...
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...
Ars Technica

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.
Bleeping Computer

Google: Hackers used AI to develop zero-day exploit for web admin tool

Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. The exploit could be leveraged ...
CoinDesk

Arbitrum freezes $71 million in ether tied to Kelp DAO exploit

Arbitrum's Security Council has frozen 30,766 ETH, worth about $71 million, linked to the $292 million rsETH exploit against Kelp DAO, placing the funds in a governance-controlled wallet. The ...