Vulnerabilities in a Bluetooth chipset used in 29 audio devices from various vendors can be exploited for eavesdropping and information theft. Researchers disclosed three flaws that allow attackers to hijack connections, initiate calls, and potentially access call history and contacts, although attacks require technical expertise and close physical proximity. Device manufacturers are working on patches, but many affected devices have not yet received updates.

Pwn2Own Berlin 2025 concluded with a total award of $1,078,750, surpassing the million-dollar mark. The STAR Labs SG team won the Master of Pwn title, earning $320,000, while various participants showcased their exploits across different platforms, including Windows 11 and NVIDIA technologies. Notably, 28 unique 0-day vulnerabilities were disclosed during the event.

Four critical vulnerabilities discovered at the Pwn2Own Berlin 2025 hacking competition have been patched in various VMware products, with hackers earning over $340,000 for their exploits. Broadcom, the parent company of VMware, confirmed that there is no evidence these flaws have been exploited in the wild.

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, which are being actively exploited in targeted attacks. The vulnerabilities include two critical flaws related to memory corruption and a high-severity use-after-free issue, with updates provided to OEMs to address these risks. Additionally, Qualcomm has addressed other security flaws in its systems that could allow unauthorized access to sensitive user information.

The article discusses the vulnerabilities associated with cross-site WebSocket hijacking and the potential exploits that could arise in 2025. It highlights the risks of unauthorized access and the importance of implementing security measures to mitigate these threats in web applications.

Generative AI models, such as OpenAI's GPT-4, are enabling rapid development of exploit code from vulnerability disclosures, reducing the time from flaw announcement to proof-of-concept to mere hours. Security experts have observed a significant increase in the speed at which vulnerabilities are exploited, necessitating quicker responses from defenders in the cybersecurity landscape. This shift underscores the need for enterprises to be prepared for immediate action upon the release of new vulnerabilities.

A repository has been created to preserve exploit data from the now-defunct 0day.today, which previously hosted a vast collection of proof-of-concept (PoC) exploits for various vulnerabilities. The effort aims to maintain access to historical information crucial for security research and analysis, especially for vulnerabilities poorly documented elsewhere. The repository includes an organized archive with categorized entries for easier access and understanding.

The Model Context Protocol (MCP) is an emerging standard for connecting large language models to external tools, but it presents significant security vulnerabilities such as prompt injection and orchestration exploits. These vulnerabilities can lead to data exfiltration and system compromise, highlighting the need for robust security precautions and detection methods. The article discusses various attack techniques and provides examples of potential exploits along with recommended defenses.