Topic: security researchers

  • Hackers Exploit 29 Zero-Days at Pwn2Own Automotive

    The Pwn2Own Automotive 2026 hacking competition awarded nearly half a million dollars on its second day, highlighting the critical need to secure modern vehicle systems like EV chargers and infotainment units. Leading team Fuzzware.io earned $213,000, including $95,000 for exploiting zero-day fla...

  • Portugal's New Cybercrime Law Shields Security Researchers

    Portugal has enacted a safe harbor law, exempting ethical cybersecurity research from prosecution if it is conducted responsibly and without seeking economic benefit. The law requires researchers to act proportionally, avoid harmful methods like data theft, and confidentially report vulnerabiliti...

  • India's Income Tax Portal Security Flaw Exposed Taxpayer Data

    A security flaw on India's official income tax e-Filing portal allowed logged-in users to access other taxpayers' confidential data, including bank details and government ID numbers, by manipulating web requests. The vulnerability, identified as an insecure direct object reference (IDOR), was rep...

  • Beware: Fake Spam Filter Alerts Invading Inboxes

    A new phishing scam tricks users with fake alerts about spam filters blocking legitimate emails, urging them to click links to release messages, posing serious security risks. These deceptive emails mimic official communications, redirecting users to counterfeit login pages that steal credentials...

  • DJI Robovac Security Flaw Exposed Thousands to Remote Access

    A hobbyist accidentally discovered a major security flaw in DJI's Romo vacuum, allowing remote access to thousands of devices globally and exposing sensitive data like live camera feeds and home floor plans. DJI patched the vulnerability after notification, attributing it to a server permission i...

  • Urgent SolarWinds Web Help Desk Patch Fixes Critical RCE Flaws

    SolarWinds has urgently patched multiple critical vulnerabilities in its Web Help Desk software, strongly advising all customers to immediately upgrade to version 2026.1 to mitigate risks like remote code execution. The critical flaws, discovered by external researchers, include authentication by...

  • Synology Patches Critical BeeStation Flaws Exposed at Pwn2Own

    Synology released a critical security update for BeeStation devices to fix a remote code execution vulnerability (CVE-2025-12686) caused by an unchecked buffer copy operation. The flaw was exploited live at Pwn2Own Ireland 2025, earning researchers a $40,000 prize, and users must upgrade to BeeSt...

  • Cindy Cohn Leaves EFF, Continues Digital Rights Fight

    Cindy Cohn is stepping down as executive director of the Electronic Frontier Foundation after 25 years, during which she led key battles for digital rights, privacy, and encryption. She played a pivotal role in landmark cases like Bernstein v. Department of Justice and emphasized encryption's imp...

  • AI's Dark Side: How It's Fueling a Surge in Online Crime

    AI is amplifying cybercrime by making attacks more sophisticated, scalable, and accessible, lowering the technical barrier for less skilled criminals and shifting the threat from theoretical to operational. While fears of fully autonomous AI hackers are often exaggerated, real-world use is alread...

  • New npm Malware Hijacks Browsers for Crypto Scams

    A malware campaign using seven npm packages hijacked browsers to redirect users to cryptocurrency scams, employing cloaking and anti-analysis techniques to evade detection. The malicious packages automatically executed upon installation, collecting device fingerprints and using the Adspect API to...

  • Exploit Alert: Critical Adobe Experience Manager Flaw (CVE-2025-54253)

    A critical security flaw (CVE-2025-54253) in Adobe Experience Manager Forms allows unauthenticated attackers to execute remote code, prompting CISA to flag it due to active exploitation. The vulnerability arises from Apache Struts "devMode" being enabled in the administrative interface combined w...

  • Broadcom Patches Critical VMware Security Flaws

    Broadcom has released critical security updates for VMware NSX and vCenter to address multiple high-severity vulnerabilities that could enable cyberattacks on enterprise systems. Among the vulnerabilities, CVE-2025-41250 is an SMTP header injection flaw in vCenter, while CVE-2025-41251 and CVE-20...

  • Cloudflare Outage Linked to React2Shell Mitigation Efforts

    A widespread Cloudflare outage was caused by an emergency security patch for a critical, actively exploited vulnerability (React2Shell/CVE-2025-55182) in React Server Components, not by a cyberattack. The update, intended to block exploitation attempts, inadvertently failed and disrupted about 28...

  • Urgent Windows SMB Flaw Actively Exploited, CISA Warns

    A critical Windows SMB vulnerability (CVE-2025-33073) is being actively exploited, allowing attackers to gain full SYSTEM-level control over unpatched systems. The flaw affects a wide range of Microsoft operating systems, including Windows Server, Windows 10, and Windows 11 up to version 24H2, an...

  • Kremlin's Top Hack Groups Now Collaborating, ESET Warns

    Two Russian state-sponsored hacking groups, Turla and Gamaredon, are now collaborating in attacks against Ukrainian targets, escalating their coordination and capabilities. Turla is a sophisticated group known for stealthy, long-term intrusions against high-value targets, while Gamaredon conducts...

  • Apple Offers Up to $5 Million for Bug Bounty Rewards

    Apple has increased its bug bounty rewards to up to $5 million, doubling the base reward to $2 million for sophisticated exploit chains, to counter advanced threats like mercenary spyware. The program now includes bonuses for bypassing Lockdown Mode and finding pre-release software vulnerabilitie...

  • Microsoft Patches 3 Zero-Days, 57 Flaws in December Update

    Microsoft's December 2025 Patch Tuesday addressed 57 vulnerabilities, including three critical remote code execution flaws and three zero-day issues. One zero-day (CVE-2025-62221) is actively exploited, allowing local privilege escalation, while two others were publicly disclosed before patching....
