-
A proof-of-concept exploit has been published for a critical flaw in the secure boot process of the Nothing Phone (2a) and CMF Phone 1. This exploit can break the chain of trust and allow full code execution at the highest privilege level, posing a sev…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical authentication bypass in the Service Finder Bookings plugin has enabled unauthenticated attackers to assume administrator privileges on thousands of WordPress sites. Exploitation began within 24 hours of public disclosure, and over 13,800 ex…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A proof-of-concept (PoC) exploit has been released for a critical vulnerability in the secure boot chain of the Nothing Phone (2a) and CMF Phone 1, potentially affecting other devices using MediaTek systems-on-a-chip (SoCs). The exploit, named Fenrir and published by researcher R0rt1z2, allows for arbitrary code execution at the highest privilege level, effectively breaking the […] The post PoC Exploit Released For Nothing Phone Code Execution Vulnerability appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researcher Norbert Szetei published the final installment of his deep-dive into the ksmbd filesystem module, culminating in a working proof-of-concept exploit targeting CVE-2025-37947. Unlike earlier use-after-free candidates that required com…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers have released a full proof-of-concept (PoC) exploit for a high-severity vulnerability in the Linux kernel’s ksmbd module, demonstrating a reliable path to local privilege escalation. The vulnerability, tracked as CVE-2025-37947, is an out-of-bounds write that can be leveraged by an authenticated local attacker to gain complete root control over a vulnerable system. This […] The post Linux Kernel ksmbd Filesystem Vulnerability Exploited – PoC Released appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should upgrade immediately to versions 18.4.2, 18.3.4,…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
GitLab has released important security updates. The new versions are 18.4.2, 18.3.4, and 18.2.8 for both Community Edition (CE) and Enterprise Edition (EE). These updates fix several vulnerabilities that could lead to denial-of-service (DoS) attacks and allow unauthorized access. All self-managed GitLab installations are strongly advised to upgrade promptly to mitigate potential disruptions. GitLab.com and […] The post GitLab Security Update – Patch For Multiple Vulnerabilities That Enables DoS Attack appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security researchers at Volexity have uncovered compelling evidence that China-aligned threat actors are leveraging artificial intelligence platforms like ChatGPT to enhance their sophisticated cyberattack capabilities. The group, tracked as UTA0388, h…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
CrowdStrike has disclosed two critical vulnerabilities affecting its Falcon sensor for Windows that could enable attackers to delete arbitrary files and potentially compromise system stability. The cybersecurity company released patches for both securi…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
The popular communication platform Discord is facing an extortion attempt following a significant data breach at one of its third-party customer service providers, Zendesk. Threat actors claim to have stolen 1.5 terabytes of sensitive data, including over 2.1 million government-issued identification photos used for age verification. While Discord confirms the breach, it disputes the scale […] The post Discord Data Breach – 1.5 TB of Data and 2 Million Government ID Photos Extorted appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
