Tag Archives: vulnerabilities

Locked in heated rivalry with researcher, Microsoft fixes 0-day they disclosed

Tuesday’s patch bundle also fixed MiniPlasma, a separate vulnerability disclosed by Nightmare Eclipse. Microsoft said in an email that the vulnerability is tracked as CVE-2020-17103, a vulnerability Microsoft first fixed six years ago. That means MiniPlasma was the result of a regression or an incomplete patch in its initial form. The company is in the… Read More: Locked in heated rivalry with researcher, Microsoft fixes 0-day they… »

High-severity vulnerability in Linux caused by a single errant character

When a verdict map is deleted from memory, catchall elements are deactivated and a chain’s reference counter is decremented. When errors occur the deletion can be reversed and the counter incremented. CVE-2026-53111 allows for that process to be altered. As a result, the exploit can decrement the variable an arbitrary number of times and then… Read More: High-severity vulnerability in Linux caused by a single errant character »

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other Chromium-based browsers. The proof-of-concept code exploits the Browser Fetch programming interface, a standard that allows long videos and other large files to be downloaded in the background.… Read More: Google publishes exploit code threatening millions of Chromium users »

Zero-day exploit completely defeats default Windows 11 BitLocker protections

A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to an encrypted drive within seconds. The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments… Read More: Zero-day exploit completely defeats default Windows 11 BitLocker protections »

Linux bitten by second severe vulnerability in as many weeks

Both privilege escalation vulnerabilities stem from bugs in the kernel’s handling of page caches stored in memory, allowing untrusted users to modify them. They target caches in networking and memory-fragment handling components. Specifically, CVE-2026-43284 attacks the esp4 and esp6 () processes, and CVE-2026-43500 zeroes in on rxrpc. Last week’s CopyFail exploited faulty page caching in… Read More: Linux bitten by second severe vulnerability in as many weeks »

Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”

As noted earlier, Mozilla’s characterization of AI-assisted vulnerability discovery as a game changer has been met with massive, vocal skepticism in many quarters. Critics initially scoffed when Mozilla didn’t obtain CVE designations for any of the 271 vulnerabilities. Like many developers, however, Mozilla doesn’t obtain CVE listings for internally discovered security bugs. Instead, they are… Read More: Mozilla says 271 vulnerabilities found by Mythos have “almost no… »

The most severe Linux threat to surface in years catches the world flat-footed

Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as defenders scramble to ward off severe compromises inside data centers and on personal devices. The vulnerability and exploit code that exploits it were released Wednesday evening by researchers from security… Read More: The most severe Linux threat to surface in years catches… »

Microsoft issues emergency update for macOS and Linux ASP.NET threat

Microsoft released an emergency patch for its ASP.NET Core to fix a high-severity vulnerability that allows unauthenticated attackers to gain SYSTEM privileges on devices that use the Web development framework to run Linux or macOS apps. The software maker said Tuesday evening that the vulnerability, tracked as CVE-2026-40372, affects versions 10.0.0 through 10.0.6 of the… Read More: Microsoft issues emergency update for macOS and Linux ASP.NET threat »

Researchers disclose vulnerabilities in IP KVMs from four manufacturers

Researchers are warning about the risks posed by a low-cost device that can give insiders and hackers unusually broad powers in compromising networks. The devices, which typically sell for $30 to $100, are known as IP KVMs. Administrators often use them to remotely access machines on networks. The devices, not much bigger than a deck… Read More: Researchers disclose vulnerabilities in IP KVMs from four manufacturers »

Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

Coruna is also notable for its use by three distinct hacking groups. Google first detected its use in February of last year in an operation conducted by a “customer of a surveillance vendor.” The vulnerability exploited, tracked as CVE-2025-23222, had been patched 13 months earlier. In July 2025, a “suspected Russian espionage group” exploited CVE-2023-43000… Read More: Feds take notice of iOS vulnerabilities exploited under mysterious circumstances »