Links
This article analyzes a series of DNG image exploits discovered between July 2024 and February 2025, targeting the Quram library on Samsung devices. The exploits bypassed security by leveraging WhatsApp to deliver malicious images, ultimately aiming to execute code within a specific Samsung system service.
Threat actors are using a recently patched vulnerability in Microsoft WSUS, known as CVE-2025-59287, to distribute ShadowPad malware. This backdoor, linked to Chinese hacking groups, allows attackers to execute commands and install additional malicious tools on compromised systems.
A serious vulnerability in the GNU InetUtils telnet daemon allows attackers to gain root access with a simple command, going unnoticed for nearly 11 years. Security experts urge users to update or replace telnetd, as exploitation attempts are already underway. National cybersecurity agencies recommend decommissioning telnet services due to their inherent risks.
Ransomware gangs are actively exploiting the VMware ESXi flaw CVE-2025-22225, which allows attackers to escape the VMX sandbox. Researchers found evidence of a toolkit used in these attacks, indicating that the vulnerabilities were known to the threat actors long before their public disclosure. CISA has confirmed the flaw's involvement in ongoing ransomware incidents.
A high-severity path traversal vulnerability was found in Docker Compose's support for OCI artifacts, allowing attackers to write arbitrary files on the host system. This flaw could be triggered by running commands like "docker compose ps" with malicious Compose files, potentially leading to unauthorized access. Users are urged to upgrade to Docker version v2.40.2 or later to mitigate the issue.
Balancer reported that a rounding error in its swap logic led to a major exploit on November 3, draining over $128 million from its Composable Stable Pools across various networks. The flaw allowed attackers to manipulate pool balances and extract funds before emergency measures were implemented to contain the damage.
Two critical 0-day vulnerabilities in NetSupport Manager allow attackers to execute code remotely without authentication. This exploit can compromise industrial control systems, enabling lateral movement within networks. Organizations are urged to upgrade to the latest version to mitigate risks.
A zero-day vulnerability affecting Fortinet devices has been identified, allowing attackers to create admin-level user accounts through a specific HTTP POST request. The exploit targets FortiWeb versions below 8.0.2, and multiple source IPs and credential combinations have been linked to the attack. Users should investigate their devices, especially if management interfaces are exposed.
This article discusses security vulnerabilities found in Command & Conquer: Generals, particularly in its online multiplayer functionality. The authors detail a memory corruption issue that allows for remote code execution, demonstrating the exploit with a custom worm. They also provide insights into the game's network architecture and packet structure.
This article details a critical vulnerability in OpenClaw, an open-source AI assistant, that allows an attacker to execute remote code with a single click. By exploiting logic flaws in the app's code, the attacker can hijack user data and bypass security measures. Users are urged to update to the latest version to protect against this exploit.
Chinese-speaking hackers used a compromised SonicWall VPN to access VMware ESXi systems, exploiting three zero-day vulnerabilities for potential ransomware attacks. Cybersecurity firm Huntress intervened before the attack could escalate, revealing a sophisticated toolkit that enables virtual machine escapes and backdoor access.
Aevo's legacy Ribbon Finance vaults were exploited for $2.7 million on December 12, following a problematic oracle upgrade. The upgrade allowed users to manipulate prices of new assets, enabling the attacker to drain funds primarily in ETH and stablecoins across multiple wallets.
A security audit by Google and Intel uncovered five vulnerabilities in Intel's TDX technology, including one severe flaw (CVE-2025-30513) that allows an attacker to fully compromise the system. Intel has issued patches for these vulnerabilities, which can lead to privilege escalation and information disclosure.
A serious vulnerability in n8n allows authenticated users to execute arbitrary commands on the host system. This flaw, tracked as CVE-2025-68668, affects versions from 1.0.0 up to, but not including, 2.0.0 and has been fixed in the latest release. Users are advised to implement specific workarounds until they upgrade.
A serious vulnerability in 7-Zip, tracked as CVE-2025-11001, allows attackers to execute arbitrary code by exploiting how older versions handle ZIP files. Although active exploitation hasn't been seen yet, a public proof-of-concept increases the risk of future attacks, especially on Windows systems with privileged accounts. Users must manually update to version 25.01 to mitigate the threat.
This article details a vulnerability in Kubernetes where service accounts with nodes/proxy GET permissions can execute commands in any Pod across reachable Nodes. This issue arises from how the Kubelet authorizes WebSocket connections, potentially leading to full cluster compromise without proper logging.
This article discusses the MongoBleed vulnerability (CVE-2025-14847), which allows attackers to read sensitive data from the heap memory of MongoDB databases. The vulnerability affects all versions since 2017 and can be exploited without authentication, posing significant risks to publicly accessible instances.
The article details the discovery of a stack overflow vulnerability in the PS VR2's USB authentication process, allowing users to downgrade firmware. By exploiting this flaw, users can access older, more vulnerable firmware versions for potential modifications. The author shares their research process and the eventual implementation of the exploit.
The DeFi protocol Balancer may have been exploited, with over $128.6 million in assets withdrawn from its vaults. The issue appears linked to a faulty smart contract check, and the attack is reportedly ongoing across multiple chains. Balancer is investigating the situation and has confirmed the exploit.
A critical vulnerability in the Telemessage SGNL messaging platform is being actively exploited by attackers, posing significant security risks to users. The flaw allows unauthorized access to sensitive data; users are urged to update their systems and take precautionary measures immediately. Cybersecurity experts are warning about the potential for widespread abuse of this vulnerability if it is not addressed promptly.
The article discusses the SessionReaper exploit related to CVE-2025-54236, detailing its implications for session management vulnerabilities in web applications. It provides insights into how attackers can leverage this exploit to hijack user sessions and emphasizes the importance of addressing such security flaws to protect sensitive information.
The author discusses the challenge of creating a stable authenticated 0-click exploit for the Linux Kernel SMB3 Daemon (ksmbd), using real-world CVEs to demonstrate the process. They detail the selection of specific vulnerabilities, including a controlled SLUB overflow and an authenticated remote leak, to build an effective exploit chain. The article emphasizes the abundance of vulnerabilities in ksmbd and the importance of vulnerability research in developing exploits.
A new exploit known as ShadowLeak has been discovered, potentially exposing sensitive Gmail data through vulnerabilities in the ChatGPT agent. This security issue raises concerns about data privacy and the implications of AI tools on personal information safety.
The article discusses a security vulnerability known as prompt injection that can lead to remote code execution (RCE) in AI agents. It outlines the mechanisms of this exploit, the potential impact on AI systems, and the importance of implementing robust security measures to mitigate such risks. The findings underscore the need for vigilance in the development and deployment of AI technologies.
The article discusses a vulnerability discovered in the MCP (Multi-Chain Protocol) on GitHub, detailing its implications for security and potential exploits. It emphasizes the importance of addressing such vulnerabilities promptly to safeguard projects and users relying on the MCP framework.
Hackers are exploiting the CVE-2025-42957 vulnerability in SAP systems, which can lead to significant security breaches. The flaw allows unauthorized access and manipulation of sensitive data, prompting urgent updates and patches from SAP to protect affected users.
A security researcher has discovered a significant vulnerability in a signed Windows driver, referred to as the Silver Fox exploit, which is associated with the ValleyRat malware. This exploit allows attackers to bypass security mechanisms and gain unauthorized access to systems, emphasizing the need for users to ensure their drivers are from trusted sources to mitigate risks.
The article details the L1TF vulnerability affecting certain Intel CPUs, describing how it can be exploited and outlining various mitigation strategies. It highlights Google's collaborative efforts with the Linux Kernel community and VUSec researchers to address the issue, including an explanation of the L1TF Reloaded exploit and its implications for data security.
Kaspersky uncovered a cyber espionage campaign dubbed Operation ForumTroll, where sophisticated phishing emails led to infections via a zero-day exploit in Google Chrome. The malware identified, known as "Dante," was traced back to the Italian company Memento Labs and utilized advanced techniques to bypass browser security measures, highlighting ongoing vulnerabilities in web applications.
A critical vulnerability in Apache ActiveMQ has been exploited, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2025-XXXX, poses significant risks for users who have not applied the necessary security updates, making it imperative for organizations to secure their installations immediately.
The Loopscale DeFi protocol on Solana suffered a $5.8 million exploit just two weeks after its launch. An audit revealed critical vulnerabilities, including issues with collateral management and token handling, leading to significant financial risks.
A critical vulnerability known as "Happy Dom" has been identified, affecting various systems and applications due to improper handling of user input. Exploitation of this vulnerability could lead to unauthorized access and data breaches, prompting urgent updates and patches from developers to secure affected systems.
SetupHijack is a security research tool designed to exploit vulnerabilities in Windows installer and update processes by hijacking file drops in writable directories. It allows attackers to replace legitimate files with malicious payloads, executing them with elevated privileges without needing admin access. The tool is intended for red team, penetration testing, and security research applications, emphasizing controlled and authorized use only.
The article discusses the resurgence of browser cache smuggling techniques, specifically focusing on the use of "droppers" as a method to exploit cache mechanisms. It explores the implications for web security and the potential risks associated with these vulnerabilities in modern browsers.
A critical remote vulnerability has been discovered in MCP software, posing significant risks to users. The flaw allows attackers to exploit the system remotely, potentially leading to unauthorized access and data breaches. Immediate updates and patches are recommended to mitigate the threat.
Google has released a security update for Chrome to address multiple vulnerabilities, including a high-severity sandbox escape flaw (CVE-2025-6558) that is actively being exploited. Users are urged to update to version 138.0.7204.157/.158 to mitigate risks, as the vulnerability allows attackers to execute arbitrary code through specially crafted HTML. This marks the fifth actively exploited flaw fixed in Chrome this year, following several others related to the V8 engine and browser security.
Researchers have discovered a significant security flaw known as "ecscape" that affects various systems, potentially allowing attackers to exploit vulnerabilities and gain unauthorized access. The flaw highlights the need for immediate updates and patches to mitigate risks associated with this vulnerability.
A critical vulnerability has been identified in the MCP server that could allow attackers to execute arbitrary code. The flaw poses serious security risks, and users are urged to apply patches and updates to protect their systems from potential exploitation. Cybersecurity experts are advising immediate action to mitigate the risks associated with this vulnerability.
GMX V1 exchange has suffered a significant security breach, resulting in the loss of approximately $40 million. The exploit targeted vulnerabilities in the platform's smart contracts, raising alarms in the decentralized finance (DeFi) community regarding the safety of user assets. Investigations are ongoing to understand the full impact of the attack and measures to prevent future incidents.
A newly discovered vulnerability in the Cursors component of Microsoft Windows allows hackers to execute arbitrary code on affected systems. This flaw, identified as CVE-2023-38831, can be exploited through specially crafted files, prompting urgent updates from Microsoft to mitigate potential attacks. Users are advised to patch their systems to safeguard against this security threat.
A critical vulnerability in the OttoKit WordPress plugin is being exploited by attackers to gain administrative access to affected sites. Site administrators are urged to update to version 1.0.83, which patches both this and a previously reported vulnerability. Security firm Defiant has provided indicators of compromise to help identify signs of exploitation.
Technical details of a high-severity flaw in Cisco IOS XE WLC, identified as CVE-2025-20188, have been released, allowing potential exploitation by attackers. The vulnerability stems from a hard-coded JWT that enables unauthenticated file uploads and command execution on affected devices. Users are urged to upgrade to patched versions or disable the vulnerable feature immediately to mitigate risks.
ResupplyFi, a decentralized finance (DeFi) platform, suffered a significant exploit resulting in a loss of $96 million in Wrapped Staked Ether (wstETH). The incident has raised concerns about security vulnerabilities in DeFi protocols as the platform seeks to recover from the attack and restore user trust.