Coverage

Vulnerabilities

748 articles on vulnerability disclosures and exploits

MEDIUM
Vulnerabilities

WhatsApp View Once Bypass via Modified Clients - Meta Won't Patch

A new WhatsApp View Once bypass allows recipients to persist media via modified clients. Meta declines patching, citing client-side enforcement limits.

Runtime Rebel Intel
4 min read·Mar 18, 2026
HIGH
Vulnerabilities

Ubuntu CVE-2026-3888: Privilege Escalation via systemd Timing Flaw

A high-severity flaw in Ubuntu 24.04+ allows local attackers to gain root access via a systemd cleanup timing exploit tracked as CVE-2026-3888.

Runtime Rebel Intel
3 min read·Mar 18, 2026
CRITICAL
Vulnerabilities

CVE-2026-32746: GNU InetUtils Telnetd RCE Mitigation Guide

Unauthenticated root RCE discovered in GNU InetUtils telnetd (CVE-2026-32746). Learn how to detect CVE-2026-32746 exploit attempts and secure port 23.

Runtime Rebel Intel
3 min read·Mar 18, 2026
HIGH
Vulnerabilities

CVE-2026-20643: Apple Patches WebKit Same-Origin Policy Bypass

Apple addresses CVE-2026-20643, a critical WebKit Navigation API flaw allowing Same-Origin Policy bypass on iOS and macOS. Deploy updates immediately.

Runtime Rebel Intel
3 min read·Mar 18, 2026
HIGH
Vulnerabilities

Apple CVE-2026-20643: WebKit Flaw Fixed via Background Update

Apple deploys the first Background Security Improvements update to address a critical WebKit vulnerability (CVE-2026-20643) across iOS and macOS platforms.

Runtime Rebel Intel
3 min read·Mar 18, 2026
HIGH
Threat Intel

Ransomware TTPs Shift: From Cobalt Strike to Native Tools, Data Theft Surges

Ransomware actors are abandoning Cobalt Strike for native Windows tools as payment rates decline, leading to a significant surge in data theft.

Runtime Rebel Intel
5 min read·Mar 18, 2026
HIGH
Vulnerabilities

CVE-2025-13957: Hard-coded Credentials in Schneider EcoStruxure DCE

Hard-coded credentials in Schneider Electric EcoStruxure Data Center Expert v9.0 and prior (CVE-2025-13957) allow information disclosure and RCE if SOCKS Proxy is

Runtime Rebel Intel
5 min read·Mar 17, 2026
HIGH
Vulnerabilities

Siemens SICAM SIAPP SDK RCE and DoS Vulnerabilities: Patch Guide

Siemens releases security updates for SICAM SIAPP SDK versions prior to 2.1.7 to address high-severity RCE, command injection, and buffer overflow flaws.

Runtime Rebel Intel
3 min read·Mar 17, 2026
HIGH
Threat Intel

Warlock Ransomware: BYOVD Techniques and Post-Exploitation Analysis

The Warlock ransomware group has evolved its tactics, utilizing BYOVD techniques and stealthy cross-network activity to bypass EDR and security controls.

Runtime Rebel Intel
3 min read·Mar 17, 2026
MEDIUM
Threat Intel

Hiding Malicious Commands from AI via Font-Rendering Manipulation

Learn how attackers use font-rendering tricks to bypass AI safety filters and execute prompt injection attacks against LLM-powered assistants.

Runtime Rebel Intel
4 min read·Mar 17, 2026
MEDIUM
Vulnerabilities

Windows 11 24H2 Samsung Galaxy Book C: Drive Access Fix

Microsoft releases technical guidance to resolve C: drive access denied errors and application failures on Samsung Galaxy Book devices running Windows 11.

Runtime Rebel Intel
3 min read·Mar 17, 2026
MEDIUM
Vulnerabilities

CVE-2025-47813: CISA Warns of Wing FTP Server Path Leakage Exploitation

CISA adds CVE-2025-47813 to its KEV catalog, highlighting active exploitation of a Wing FTP Server information disclosure flaw that leaks internal server paths.

Runtime Rebel Intel
3 min read·Mar 17, 2026