Security News

114 posts

/cve-2023-31096-microsoft-modem-driver-exploit/featured-image.png
CVE-2023-31096: Microsoft Modem Driver Exploit Fixed Three Years Later

January 14, 2026

In January 2026, Microsoft had already patched 114 vulnerabilities! Four modem drivers deleted since October. Companies that wrote them: gone. Source code: …

/sap-patch-tuesday-four-critical-vulnerabilities-cve-2026-0501/featured-image.png
SAP Just Got Breached: Four Critical Vulnerabilities Let Attackers Steal Financial Data (CVE-2026-0501)

January 13, 2026

SAP just patched four critical vulnerabilities SAP just patched four critical vulnerabilities. CVSS scores up to 9.9. One lets attackers run code with nothing …

/ios-webkit-zero-day-iphone-compromise-cve-2025-43529/featured-image.png
Your iPhone Just Got Owned: iOS WebKit Zero-Days Require No Click (CVE-2025-43529)

January 12, 2026

Your iPhone can be compromised by loading a webpage. No click. No download. Just visit the wrong site. Apple patched this a month ago. Only 16% of users have …

/unix-v4-1973-buffer-overflow-history/featured-image.png
52-Year-Old Unix Tape Reveals the Same Buffer Overflow We're Still Making Today

January 11, 2026

A 52-year-old tape just revealed a buffer overflow that looks exactly like the bugs we’re still finding today. 😏 In July 2025, someone found a magnetic …

/ni8mare-n8n-cve-2026-21858-rce/featured-image.png
Ni8mare: n8n Vulnerability Gives Full Admin Access with One HTTP Header Change

January 10, 2026

100,000 servers. One HTTP header change. Full admin access. No password required. They call it “Ni8mare.” CVSS 10.0. The patch existed for 7 weeks. …

/notion-ai-prompt-injection-data-exfiltration/featured-image.png
Notion AI Leaks Data Before You Click OK: Prompt Injection Hits 100 Million Users

January 8, 2026

Notion AI steals data before the user clicks OK. 100 million users. 4 million paying customers. Amazon. Nike. Uber. Pixar. More than half of Fortune 500 …

/chrome-extensions-steal-chatgpt-conversations/featured-image.jpg
Malicious Chrome Extensions Steal ChatGPT Conversations from 900,000 Users

January 8, 2026

Two Chrome extensions. 900,000 users. Every ChatGPT and DeepSeek conversation stolen. Sent to attacker servers every 30 minutes. Google gave one of them a …

/fake-bsod-clickfix-dcrat-malware/featured-image.jpg
Fake Blue Screen of Death Installs $5 RAT Malware via ClickFix Attack

January 6, 2026

$5 buys two months of complete access to someone’s computer. Keylogging, webcam, passwords, files. The malware is called DCRat. The delivery method: a …

/esa-breach-200gb-data-stolen/featured-image.jpg
European Space Agency Hacked: 200GB Stolen in 7 Days, Data Sold on FBI Honeypot

January 5, 2026

€7.68 billion budget. 3,000 staff. A brand new Cyber Security Operations Centre opened. A hacker spent 7 days inside their systems downloading 200GB of data. …

/kimwolf-botnet-android-tv-boxes-proxy-exploit/featured-image.jpg
Kimwolf Botnet: 2 Million Android TV Boxes Hacked via Proxy App Vulnerability

January 4, 2026

A botnet just fired 1.7 billion DDoS commands in 72 hours. Attack capacity: nearly 30 Terabits per second. 2 million Android TV boxes sitting in living rooms …

/ffmpeg-heap-overflow-ai-vulnerability-hunter/featured-image.jpg
16-Year-Old's AI Finds Heap Buffer Overflow in FFmpeg EXIF Parser

January 3, 2026

A 16-year-old built an AI that mass-hunts memory bugs. It found 6 vulnerabilities in FFmpeg in December. One was a heap buffer overflow in the EXIF parser. The …

/airoha-bluetooth-backdoor-sony-bose-jbl/featured-image.jpg
70 Million Bluetooth Chips Have a Backdoor: Sony, Bose, JBL Headphones at Risk

January 2, 2026

Your headphones just became a backdoor to your phone. No pairing. No popup. Just Bluetooth range. 70 million chips. Sony. Bose. Marshall. JBL. A debug protocol …

/rondodox-botnet-react2shell-exploit-shotgun/featured-image.jpg
RondoDox Botnet: 56 Exploits, Gaming Traffic Disguise, and Self-Defense Against Recovery

January 1, 2026

RondoDox added React2Shell to its arsenal. 90,000+ servers. 56 vulnerabilities. 30+ vendors. They call it the “exploit-shotgun” approach. Fire …

/libsodium-first-cve-13-years-ed25519/featured-image.jpg
libsodium Gets First CVE After 13 Years: The Two-Line Fix

December 31, 2025

The crypto library behind Discord, WordPress, and Zcash just got its first CVE. After 13 years. 😏 libsodium. You’ve probably never heard of it. But …

/wired-hack-idor-vulnerability-subscriber-data/featured-image.jpg
WIRED Magazine Hacked: 2.3 Million Records Leaked via Basic IDOR Vulnerability

December 30, 2025

WIRED magazine got hacked. 2.3 million subscriber records leaked. And this is just the beginning. 😏 A hacker called “Lovely” dumped the database on …

/rainbow-six-siege-hack-ubisoft-backend-breach/featured-image.jpg
Rainbow Six Siege Hacked: $339 Trillion in Fake Credits, Streamers Banned, CEO Mocked

December 29, 2025

You log into your game. Suddenly, you got $13.3 million in your account. 🥳 You didn’t earn it. Neither did 30 million other players. December 27, 2025. …

/mongobleed-mongodb-memory-leak-cve-2025-14847/featured-image.jpg
MongoBleed: 87,000 MongoDB Servers Leaking Memory Like Heartbleed

December 28, 2025

You trust your database to keep your data safe. MongoDB just proved it doesn’t. 87,000 servers are leaking memory to anyone who asks. 😏 December 2025. …

/fortinet-authentication-bypass-cve-2020-12812-cve-2025-59718/featured-image.jpg
Fortinet Authentication Bypass: A 5-Year-Old Bug Returns While a New One Gets Exploited in 3 Days

December 27, 2025

You buy a firewall to protect your network. In one month, two different authentication bypasses are being actively exploited. One is five years old. One is …

/fake-github-exploits-webrat-malware-security-researchers/featured-image.jpg
Fake GitHub Exploits Target Security Researchers: Download a PoC, Get Malware

December 26, 2025

Attackers are targeting security researchers through GitHub. You downloaded a proof-of-concept exploit from GitHub. Professional README. Detailed instructions. …

/macsync-stealer-apple-notarization-bypass/featured-image.jpg
Apple Approved It: MacSync Stealer Bypasses Notarization to Infect Hundreds of Macs

December 25, 2025

Apple’s security team reviewed this app. Approved it. But now it steals your passwords, crypto wallets, and Telegram account. 😳 Hundreds of Macs infected …

/lotusbail-npm-whatsapp-credential-theft/featured-image.jpg
Malicious npm Package Stole WhatsApp Messages for 6 Months: 56,000 Downloads

December 24, 2025

56,000 downloads. 6 months online. A WhatsApp library on npm was stealing credentials, messages, and contacts. Nobody noticed. 🤔 The package is called …

/asus-tplink-authentication-bypass-cve-2025/featured-image.png
Your Router Just Failed: ASUS & TP-Link Critical Vulnerabilities (CVE-2025-59367)

November 16, 2025

Your router protects your home network from the internet. Or it’s supposed to. Two major vendors just proved it doesn’t. 😅 ASUS: CVE-2025-59367 …

/cve-2025-31133-docker-container-escape/featured-image.png
Your Docker container? It just walked right out the front door.

November 13, 2025

Your Docker container? It just walked right out the front door. 😏 Three vulnerabilities just got patched. November 5th. CVE-2025-31133, CVE-2025-52565, …

/cve-2025-62215-windows-kernel-race-condition/featured-image.png
Your Windows Kernel Has a Race Condition Being Exploited Right Now

November 12, 2025

Your Windows Kernel has a race condition. You’ve probably never thought about race conditions. (Most people haven’t. But stick with me…) …