Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of App...
20 articles
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of App...
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique.
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Stee...
CryptoBandits uses a local SOCKS5 proxy for traffic routing, blending data theft with remote code execution. The post CryptoBandits Malware Doubles as a Back...
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities
A recently disclosed vulnerability inc, which affects UEFI applications signed by multiple vendors, has prompted urgent recommendations to update the UEFI Fo...
CISA has urged U.S.
Microsoft is warning of a novel remote code execution (RCE) path possible through web-enabled AI agents, demonstrating the technique against AutoGen Studio, ...
A novel Windows-based cryptocurrency clipper that has been active since February 2026 and leverages Windows Script Host (WScript) and ActiveXObject calls to ...
Hackers are actively exploiting a compromised Klue Battlecards integration to extract sensitive Salesforce CRM data by abusing OAuth tokens, according to new...
A recently disclosed iPhone BootROM vulnerability, dubbed “usbliter8,” highlights a significant flaw in Apple’s SecureROM implementation. This vulnerability ...
AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machin...
We break down the technical architecture behind our multi-stage vulnerability discovery harness and automated triage loop. Learn how we manage state controls...
Last week, there were disclosed in and that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPres...
On May 13th, 2026, we received a submission for a critical Unauthenticated Arbitrary File Deletion vulnerability in Avada Builder, a premium WordPress plugin...
F5 has released an out-of-band security notification addressing multiple high‑severity vulnerabilities in NGINX components that can enable remote code execut...
View CSAF Summary Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected pr...
View CSAF Summary Successful exploitation of this vulnerability could allow a remote attacker to cause a denial-of-service (DoS) condition in the affected pr...
Insufficient validation of user input allows an attacker to gain access to the underlying OS and elevate their privileges to root. The post Critical Command ...
A large-scale cyber espionage campaign dubbed “FortiBleed” has compromised more than 70,000 Fortinet firewalls and VPN gateways worldwide, exposing enterpris...