IEEE

Your Exploit is Mine: Automatic Shellcode Transplant for Remote Exploits

Abstract: Developing a remote exploit is not easy. It requires a comprehensive understanding of a vulnerability and delicate techniques to bypass defense mechanisms. As a result, attackers may prefer ...
Bitdefender

FamousSparrow APT Targets Azerbaijani Oil and Gas Industry

I'd like to thank my co-author, Martin Zugec, for his valuable contributions to this report. This intrusion adds three dimensions to the public understanding of Chinese APT activity in contested ...
The Free Press Journal

New 'Copy Fail' Flaw In Linux Kernel Lets Any Local User Seize Root Access: Here's How To Fix It

Tracked as CVE-2026-31431 with a CVSS score of 7.8, Copy Fail was uncovered and named by researchers at Xint.io and Theori. The flaw allows an unprivileged local user to write four controlled bytes ...
Forbes

AI Just Hacked One Of The World's Most Secure Operating Systems

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. An autonomous agent found, analyzed and exploited a FreeBSD kernel vulnerability in four ...
HotHardware

Microsoft Office Zero-Day Exploited Days After Emergency Patch, Update ASAP

Microsoft Office is victim to a critical zero-day exploit, and Russian hacker groups are already weaponizing it in destabilizing efforts toward the Ukrainian government. While Westerners and most ...
Infosecurity-magazine.com

Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks

Russian-linked hacking group Fancy Bear (APT28) has reportedly exploited a recently disclosed vulnerability in Microsoft Office to conduct cyber-attacks against Ukrainian and EU organizations. The ...
thecyberexpress

Russian APT28 Exploit Zero-Day Hours After Microsoft Discloses Office Vulnerability

Ukraine’s cyber defenders warn Russian hackers weaponized a Microsoft zero-day within 24 hours of public disclosure, targeting government agencies with malicious documents delivering Covenant ...
GitHub

l-urk/CVE-2024-6387

🔒 CVE-2024-6387 regreSSHion remote code execution vulnerability exploit script usage: regreSSHion.py [-h] -i IP -p PORT [-t] [-c] [-d] [-r] [-x] [-y] [-z] 🔒 CVE ...
The Hacker News

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far ...
Fox News

Fake Windows update pushes malware in new ClickFix attack

Cybercriminals keep getting better at blending into the software you use every day. Over the past few years, we've seen phishing pages that copy banking portals, fake browser alerts that claim your ...
Security Boulevard

CVE-2025-50165: Critical Flaw in Windows Graphics Component

IntroductionIn May 2025, Zscaler ThreatLabz discovered CVE-2025-50165, a critical remote code execution (RCE) vulnerability with a CVSS score of 9.8 that impacts the Windows Graphics Component. The ...
GitHub

ENDGAME - A Dashboard Exploit for the Original Xbox

ENDGAME is a universal dashboard exploit for the original Microsoft Xbox. This exploit has been carefully engineered to be compatible across all retail kernel and dashboard versions released for the ...