CSO Online

HP Poly VoIP vulnerability sets the stage for executive voice deepfakes

The remote code execution flaw enables root access and voice attacks on HP Poly VoIP phones, including eavesdropping and the ...
SecurityWeek

Nation-State iOS Exploit Kit ‘Coruna’ Found Powering Global Attacks

Google and iVerify analysis reveals a powerful exploit kit originally used by Russian state actors that is now appearing in broader criminal campaigns. Multiple iOS exploits and five exploit chains ...
Bleeping Computer

Exploit released for new PinTheft Arch Linux root escalation flaw

A recently patched Linux privilege escalation vulnerability now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. The ...
Windows Report

MiniPlasma Zero-Day Exploit Allegedly Gives SYSTEM Access on Fully Patched Windows 11

A security researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day called MiniPlasma, raising fresh concerns about the security of fully patched Windows systems.
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...
Ars Technica

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds.
Engadget

Google announces its first-ever discovery of a zero-day exploit made with AI

We can now add cybercrimes to the list of growing concerns associated with artificial intelligence. Google's Threat Intelligence Group (GTIG) said it discovered, for the first time ever, a threat ...
The Verge

Google stopped a zero-day hack that it says was developed with AI

Google researchers found evidence in the exploit’s code that it may have been created using AI, like a ‘hallucinated’ CVSS score. Google researchers found evidence in the exploit’s code that it may ...
Dark Reading

'Dirty Frag' Exploit Poised to Blow Up on Enterprise Linux Distros

A public exploit is available for a nine-year old vulnerability that affects the Linux kernel, paving the way for root privilege escalation. The flaw, which actually is two vulnerabilities chained ...
decrypt

Hackers Used AI to Build a Zero-Day Exploit That Bypasses Two-Factor Authentication: Google

Google's Threat Intelligence Group confirmed that cybercriminals used AI to develop a zero-day exploit targeting a popular open-source web administration tool. Google said this is the first time the ...
The Hacker News

Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft

A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and ...