Security News

114 posts

/ionstack-android-root-one-link/ionstack-android-root-one-link.png
IonStack Turns One Link Into Full Root on Your Android Phone

July 9, 2026

IonStack You tap one link, and root is already running on your Android 17 phone. You never download a file or approve a permission box because the page does the …

/windows-gdid-tracking/windows-gdid-tracking.png
Windows Hands Your Name to the Police Through One Hidden Number

July 8, 2026

You are completely anonymous and think no one can trace you. But Windows put a permanent number on your machine, it never turns off, and that number is where …

/trojpix-air-gap-attack/trojpix-air-gap-diagram.png
TrojPix Steals Data From Air Gapped Computers Through the Screen

July 7, 2026

TrojPix pulled a file off a computer that connects to nothing. 8.1 megabits a second. 208 meters away. Straight through a 30 cm concrete wall. It went out over …

/jadepuffer-ai-ransomware/jadepuffer-ai-ransomware.png
JADEPUFFER Is the First Ransomware Attack Run Entirely by an AI Agent

July 5, 2026

JADEPUFFER is the first documented ransomware operation run by an AI agent. The agent broke in, stole credentials, jumped to a second target, encrypted a …

/fatfs-sd-card-jailbreak/fatfs-sd-card-jailbreak.png
FatFs Flaw Lets One SD Card Take Over Millions of Devices

July 4, 2026

Millions of devices read an SD card with one small piece of code called FatFs, and researchers just found seven ways to break it. The worst one hands the whole …

/phantom-squatting-ai-domains/phantom-squatting-ai-domains.png
Phantom Squatting Lets Hackers Buy the Fake Websites Your AI Invents

July 1, 2026

Your AI assistant just sent you to a login page that did not exist a few weeks ago, and the person who registered it is already collecting the passwords people …

/winrar-rar-startup-folder-attack/winrar-rar-startup-folder-malware.png
WinRAR Can Still Drop Malware Into Your Startup Folder a Year After the Patch

June 30, 2026

You unzipped a file with WinRAR, the way you always do. Nothing on screen looked wrong. The next morning you logged in and malware was already running, and the …

/gitea-act-runner-container-escape/gitea-docker-container-escape.png
Your Gitea Docker Runner Gives Up Root Even With Privileged Mode Off

June 28, 2026

A Docker container on a Gitea build runner can break out to root on the host, the setting built to stop that does nothing, and there is no patch yet. CVSS 9.9. …

/pedit-cow-linux-root/pedit-cow-linux-kernel-root.png
Pedit COW Turns a Normal Linux User Into Root While the Disk Stays Clean

June 27, 2026

A flaw in the Linux kernel called pedit COW lets a regular, unprivileged user rewrite /bin/su in memory and become root, while the copy on disk never changes …

/configconfusion-google-no-bounty/configconfusion-google-no-bounty.png
Google Told the Researcher Nice Catch Then Refused to Pay and Never Fixed It

June 23, 2026

Google told a security researcher his bug was a nice catch, lined up his payout, then eleven days later called it harmless and refused to pay a cent. The flaw …

/usbliter8-iphone-bootrom-exploit/usbliter8-iphone-bootrom-exploit.png
Usbliter8 Breaks the iPhone XS and 11 and Apple Cannot Patch It

June 21, 2026

usbliter8 takes control of the iPhone XS and iPhone 11 before iOS even loads, and no update Apple ships can ever close it. The flaw lives in the SecureROM, the …

/fortibleed-fortinet-credential-leak/fortibleed-fortinet-credential-leak.png
FortiBleed Cracks Open 80,000 Fortinet Firewalls And Thousands Used 123456

June 20, 2026

FortiBleed Fortinet credential leak. Attackers can log into more than 80,000 corporate firewalls right now, and on 2,645 of them the password was 123456. The …

/openbsd-pap-empty-password-bypass/openbsd-pap-empty-password-bypass.png
OpenBSD Let Attackers Log In With an Empty Password for 27 Years

June 17, 2026

A 27-year-old flaw in OpenBSD let attackers bypass its PPP login with nothing more than an empty username and an empty password. Hand a vulnerable system a …

/optinmonster-supply-chain-backdoor/optinmonster-supply-chain-backdoor.png
OptinMonster Supply Chain Attack Hits 1.2 Million WordPress Sites

June 16, 2026

1.2 million WordPress sites were caught in a supply chain attack last week, where the admin’s own login quietly created a secret account and planted a …

/atomic-arch-aur-malware/atomic-arch-aur-malware.png
Hackers Hijacked 400 Arch Linux AUR Packages to Install Malware

June 13, 2026

More than 400 packages in the Arch User Repository (AUR) were hijacked this week, and the attacker never broke into a single system to do it. They took over …

/greatxml-bitlocker-bypass/greatxml-bitlocker-bypass.png
GreatXML Turns Windows Defender's Offline Scan Into a BitLocker Bypass

June 12, 2026

Nightmare-Eclipse is back again, this time with a BitLocker bypass called GreatXML that runs straight through Microsoft’s own antivirus. On a Windows …

/miasma-worm-ai-coding-agents/miasma-worm-ai-coding-agents.png
The Miasma Worm Hid in Microsoft's Code and Ran the Moment You Opened It

June 11, 2026

GitHub disabled 73 of Microsoft’s own repositories in 105 seconds, after a worm called Miasma planted a credential stealer inside Microsoft’s Azure …

/rogueplanet-windows-defender-zero-day/rogueplanet-windows-defender-zero-day.png
RoguePlanet Windows Defender Zero Day Hands Any User Full SYSTEM Control

June 10, 2026

Nightmare-Eclipse is back, with a new exploit called RoguePlanet. Windows 10 and 11 have a new zero-day that lets a user with no rights take complete control of …

/nftables-root-use-after-free/nftables-root-use-after-free.png
One Character in nftables Hands Any Linux User Root

June 9, 2026

One extra character in the Linux kernel hands a normal user root. A single ! that does not belong inside nftables, the firewall built into Debian and Ubuntu by …

/internet-explorer-webbrowser-rce/internet-explorer-webbrowser-rce.png
Internet Explorer Can Still Take Over a Fully Patched Windows PC in 2026

June 8, 2026

Internet Explorer can still take over a fully patched Windows machine, years after Microsoft retired it in 2022. The code that ran it was never removed from …

/chromium-background-fetch-botnet/chromium-background-fetch-botnet.png
Google Leaked the Chrome Bug That Turns Your Browser Into a Botnet

June 7, 2026

A single visit to one website can quietly turn your browser into part of a botnet, and the working code to do it is now still sitting out in the open. It …

/home-proxy-network/home-proxy-network-residential-proxy.png
Your Home Devices Are Being Turned Into Proxies for the AI Industry

June 6, 2026

Your phone, your TV, your router, anything in your home with an internet connection can be put to work crawling the web for the AI industry, and nothing on the …

/http2-bomb-remote-dos/http2_bomb.png
HTTP/2 Bomb Takes Down nginx Apache IIS Envoy and Cloudflare

June 3, 2026

A new exploit called HTTP/2 Bomb lets one ordinary home computer take down nginx, Apache, Microsoft IIS, Envoy and Cloudflare Pingora, the web servers behind a …

/meta-ai-instagram-account-takeover/meta-ai-instagram-account-takeover.png
Hackers Took Over Instagram Accounts By Asking Meta's AI Support Bot

June 2, 2026

Hackers took over some of the most valuable accounts on Instagram over the weekend by asking Meta’s own AI support bot to hand them the keys, and it …

/nightmare-eclipse-microsoft-zero-day-war/nightmare-eclipse-microsoft-zero-day-war.png
Six Working Windows Zero Days and the Researcher Microsoft Called a Criminal

May 31, 2026

Six working Windows attacks are sitting in the open right now, three of them already seen in a real intrusion, and the researcher who published them did it …

/frost-ssd-browser-spying/featured-image.png
FROST Lets a Website See Which Sites and Apps You Have Open by Timing Your SSD

May 30, 2026

FROST lets a website time your SSD and see which sites and apps you have open, even ones running in a different browser. It needs no malware and nothing to …

/badhost-starlette-cve-2026-48710/featured-image.png
BadHost Breaks Into FastAPI and vLLM With a Single Character

May 27, 2026

BadHost is one character in an HTTP header that bypasses authentication on FastAPI, vLLM, LiteLLM, and the Python MCP SDK. They all run on Starlette. Starlette …

/ghost-cms-cve-2026-26980/featured-image.png
Ghost CMS SQL Injection Stole Admin Keys From 700 Websites With One Request

May 26, 2026

A SQL injection vulnerability in Ghost CMS has turned Harvard University, Oxford University, and DuckDuckGo into malware distribution platforms. Visitors arrive …

/google-api-key-23-minutes/featured-image.png
Google API Keys Keep Working for 23 Minutes After You Delete Them

May 23, 2026

Google tells you the key is gone. It keeps working for 23 more minutes. When you delete a Google API key, a dialog appears that says the following: “Once …

/ghosttree-ntfs-defender-bypass/featured-image.png
GhostTree Makes Windows Defender Stop Scanning With Two Lines of Code

May 21, 2026

GhostTree makes Windows Defender stop scanning. Two lines of code, no admin rights, and malware sitting right next to it goes completely undetected. A Varonis …