Vulnerabilities
32 posts

Millions of devices read an SD card with one small piece of code called FatFs, and researchers just found seven ways to break it. The worst one hands the whole β¦

NVIDIA GPUs with GDDR6 memory can be used to take full control of a system, including a root shell, bypassing hardware defenses that were supposed to stop β¦

eScan antivirus got hacked. Again. Same company, same update infrastructure exploited, two years apart. This time: hundreds of machines infected in a 2-hour β¦

Notepad++ delivered malware for six months. From June to December 2025, the update system was compromised. Millions of people use this software. Some of them β¦

Three names in four days! This AI assistant was Clawdbot, then Moltbot, and now OpenClaw. 1,800 exposed instances leaking API keys, passwords, and private β¦

175,000 AI servers wide open to the internet. 130 countries. Attackers are selling access to other people’s hardware at a 50% discount, and using it for β¦

An AI just found 12 zero-day vulnerabilities in OpenSSL. All 12. In a single release. One of those bugs is older than OpenSSL itself, sitting in the code since β¦

A 52-year-old tape just revealed a buffer overflow that looks exactly like the bugs we’re still finding today. π In July 2025, someone found a magnetic β¦

100,000 servers. One HTTP header change. Full admin access. No password required. They call it “Ni8mare.” CVSS 10.0. The patch existed for 7 weeks. β¦

Notion AI steals data before the user clicks OK. 100 million users. 4 million paying customers. Amazon. Nike. Uber. Pixar. More than half of Fortune 500 β¦

Two Chrome extensions. 900,000 users. Every ChatGPT and DeepSeek conversation stolen. Sent to attacker servers every 30 minutes. Google gave one of them a β¦

$5 buys two months of complete access to someone’s computer. Keylogging, webcam, passwords, files. The malware is called DCRat. The delivery method: a β¦

β¬7.68 billion budget. 3,000 staff. A brand new Cyber Security Operations Centre opened. A hacker spent 7 days inside their systems downloading 200GB of data. β¦

A botnet just fired 1.7 billion DDoS commands in 72 hours. Attack capacity: nearly 30 Terabits per second. 2 million Android TV boxes sitting in living rooms β¦

A 16-year-old built an AI that mass-hunts memory bugs. It found 6 vulnerabilities in FFmpeg in December. One was a heap buffer overflow in the EXIF parser. The β¦

Your headphones just became a backdoor to your phone. No pairing. No popup. Just Bluetooth range. 70 million chips. Sony. Bose. Marshall. JBL. A debug protocol β¦

RondoDox added React2Shell to its arsenal. 90,000+ servers. 56 vulnerabilities. 30+ vendors. They call it the “exploit-shotgun” approach. Fire β¦

The crypto library behind Discord, WordPress, and Zcash just got its first CVE. After 13 years. π libsodium. You’ve probably never heard of it. But β¦

WIRED magazine got hacked. 2.3 million subscriber records leaked. And this is just the beginning. π A hacker called “Lovely” dumped the database on β¦

You log into your game. Suddenly, you got $13.3 million in your account. π₯³ You didn’t earn it. Neither did 30 million other players. December 27, 2025. β¦

You trust your database to keep your data safe. MongoDB just proved it doesn’t. 87,000 servers are leaking memory to anyone who asks. π December 2025. β¦

You buy a firewall to protect your network. In one month, two different authentication bypasses are being actively exploited. One is five years old. One is β¦

Attackers are targeting security researchers through GitHub. You downloaded a proof-of-concept exploit from GitHub. Professional README. Detailed instructions. β¦

Apple’s security team reviewed this app. Approved it. But now it steals your passwords, crypto wallets, and Telegram account. π³ Hundreds of Macs infected β¦

56,000 downloads. 6 months online. A WhatsApp library on npm was stealing credentials, messages, and contacts. Nobody noticed. π€ The package is called β¦

Wildcards, I would like to highlight the use of Wildcards, because they are incredibly important, especially for “hacking-related and some β¦

Tentacle is a POC vulnerability verification and exploits framework. It supports a free extension of exploits and uses POC scripts. It supports calls to β¦

Β Shodan Command line in this article and video, I show you what you can do, and the benefit of using the Shodan command line in your terminal. Searching for β¦

DARK EAGLE is an all in one tool for Information Gathering and Vulnerability Scanning written in PHP by NANDYDARK. In the video down below, you can see how to β¦

The end of Windows 7 is rapidly approaching. After January 14, 2020, Microsoft will no longer provide security updates or support for Windows 7..! So what β¦