Posts
A physical flaw in the USB controller of Apple's A12 and A13 chips allows unsigned code execution within SecureROM, with no possibility of a software fix.
obeedt, OscarRV, LuisZavMen
A novice attacker compromised a French small business and, before his Command and Control server went down, installed Tailscale and OpenSSH to secure his way back in. Access survived 18 days without the C2. Cato Networks documented the operation command by command.
obeedt, OscarRV, LuisZavMen
Anthropic pulled its Mythos-class models, Fable 5 and Mythos 5, offline worldwide just 72 hours after launch, following a U.S. government export-control directive tied to a jailbreak.
obeedt, OscarRV, LuisZavMen
A misplaced exclamation mark (`!`) inside `nft_map_catchall_activate()` inverts the validation logic in nf_tables, allowing any unprivileged local user to trigger a Use-After-Free, corrupt kernel memory, and escalate to root.
obeedt, OscarRV, LuisZavMen
A zero-day exploit released hours after Microsoft's largest Patch Tuesday on record allows any local user to obtain SYSTEM privileges on fully patched Windows 10 and 11 systems by abusing the Microsoft Defender engine itself.
obeedt, OscarRV, LuisZavMen
CVE-2026-20245. A privilege escalation flaw under active exploitation in Cisco Catalyst SD-WAN Manager, with no patch available, that allows an attacker to execute arbitrary commands as root through command injection in the CLI.
obeedt, OscarRV, LuisZavMen