Vulnerabilities in a Bluetooth chipset used in 29 audio devices from various vendors can be exploited for eavesdropping and information theft. Researchers disclosed three flaws that allow attackers to hijack connections, initiate calls, and potentially access call history and contacts, although attacks require technical expertise and close physical proximity. Device manufacturers are working on patches, but many affected devices have not yet received updates.

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, which are being actively exploited in targeted attacks. The vulnerabilities include two critical flaws related to memory corruption and a high-severity use-after-free issue, with updates provided to OEMs to address these risks. Additionally, Qualcomm has addressed other security flaws in its systems that could allow unauthorized access to sensitive user information.

The article discusses the vulnerabilities associated with cross-site WebSocket hijacking and the potential exploits that could arise in 2025. It highlights the risks of unauthorized access and the importance of implementing security measures to mitigate these threats in web applications.

The Model Context Protocol (MCP) is an emerging standard for connecting large language models to external tools, but it presents significant security vulnerabilities such as prompt injection and orchestration exploits. These vulnerabilities can lead to data exfiltration and system compromise, highlighting the need for robust security precautions and detection methods. The article discusses various attack techniques and provides examples of potential exploits along with recommended defenses.