An Exploit ... in CSS?!
• Ok, take a deep breath • We’ll have some fun understanding this vulnerability once you make sure your browser isn’t affected, using the table below • Chromium-based browser | Am
Exploit
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
• Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker February 25, 2026 03:21 AM 0 The former head of Trenchant, a specialized U.S. • defense contractor unit, w
Millions in crypto funded tools to exploit U.S. software, Treasury says in new sanctions
• Millions in crypto funded tools to exploit U.S. • software, Treasury says in new sanctions An Australian national was said to sell cyber tools designed for the U.S. • government
The top 5 sources of secret sprawl, and how attackers exploit them
• The top 5 sources of secret sprawl, and how attackers exploit them Chandni Patel Risk & compliance Secrets & identity management Vault Radar Jan 28, 2026 Chandni Patel Share arti
Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb
• Cybersecurity researchers have disclosed details of a new cryptojacking campaign that uses pirated software bundles as lures to deploy a bespoke XMRig miner program on compromise
IoTeX hit by private key exploit draining around $2 million from bridge contracts, per co-founder
• IoTeX co-founder Raullen Chai said losses are ‘significantly lower’ than circulating estimates, but has not provided a specific figure.
How AI is helping retail traders exploit prediction market 'glitches' to make easy money
• How AI is helping retail traders exploit prediction market ‘glitches’ to make easy money A fully automated bot quietly captured micro-arbitrage opportunities on short-term crypto
LA County sues Roblox over 'business practices that endanger and exploit children'
• Business News LA County sues Roblox over ‘business practices that endanger and exploit children’ The suit alleges that Roblox failed to protect children from predatory behavior.
Update: LA County sues Roblox over 'business practices that endanger and exploit children'
• Business News Update: LA County sues Roblox over ‘business practices that endanger and exploit children’ The suit alleges that Roblox failed to protect children from predatory be
The top 5 sources of secret sprawl, and how attackers exploit them
• The top 5 sources of secret sprawl, and how attackers exploit them Chandni Patel Risk & compliance Secrets & identity management Vault Radar Jan 28, 2026 Chandni Patel Share arti
Telegram channels expose rapid weaponization of SmarterMail flaws
• SmarterMail CVE-2026-24423 and CVE-2026-23760 enable remote code execution and auth bypass. • Attackers weaponized these flaws within days of disclosure, sharing exploits on Tele
Moonwell hit by $1.78M exploit as AI vibe coding debate reaches DeFi
• Moonwell hit by $1.78M exploit as AI vibe coding debate reaches DeFi The exploit saw the Moonwell protocol exploited for $1.78 million after cbETH was mispriced at $1.12 instead
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy - Again
• Endpoint Security Cyberattacks & Data Breaches Vulnerabilities & Threats Perimeter News Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy - Again It’s time to phase out the ‘patch a
Nation-State Actors Exploit Notepad++ Supply Chain
• Executive Summary Between June and December 2025, the official hosting infrastructure for the text editor Notepad++ was compromised by a state-sponsored threat group known as Lot
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
• CVE-2024-54529: type confusion in CoreAudio’s com.apple.audio.audiohald Mach service, causing crashes. • Exploitation involved manipulating Mach messages to fetch wrong HALS_Obje
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
• With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland conte
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
• With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland conte
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
• Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. • One effect of this change
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
• Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. • One effect of this change
Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)
• Multiple Threat Actors Exploit React2Shell (CVE-2025-55182) Google Threat Intelligence Group Google Threat Intelligence Visibility and context on the threats that matter most. •
A look at an Android ITW DNG exploit
• Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. • Thanks to a lead from Meta, these samples came to the attention of Googl
A look at an Android ITW DNG exploit
• Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. • Thanks to a lead from Meta, these samples came to the attention of Googl
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
• In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. • While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN