51 matches found
CVE-2026-45035
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...
CVE-2026-45035 Tabby: RCE via `tabby://run` URL Scheme
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supports a run command that directly executes OS commands with no user confirmation, sanitization, or...
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
Posted by Seth Jenkins. We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. Whil...
Exploit for Incorrect Implementation of Authentication Algorithm in Google Android
CVE-2026-0073 — Android ADB TLS Authentication Bypass A proof...
Exploit for Use After Free in Microsoft
LetsDefend SOC336: Windows OLE Zero-Click RCE Exploitation Det...
zero-click-exploit-analysis
Zero-Click, Old Tricks Anatomy of the 2025 WhatsApp–ImageIO z...
Exploit for CVE-2026-34159
CVE-2026-34159 0 Click RCE exploit for CVE-20...
Exploit for Integer Overflow or Wraparound in Apple Ipados
Coruna: Full-Chain Safari/WebKit Exploit Kit Research & Ana...
Exploit for Use After Free in Apple Safari
CTT-Apple-Silicon-Refraction webkitrefraction.js The 33-Laye...
Exploit for Improper Authentication in Prestashop Prestashop_Checkout
CVE-2025-61922 Exploit: PrestaShop Checkout Account Takeover...
New GeminiJack 0-Click Flaw in Gemini AI Exposed Users to Data Leaks
Google AI systems Gemini Enterprise had a critical 'GeminiJack' security flaw allowing attackers to steal Gmail, Docs, and Calendar data with no clicks...
WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 5.4), relates to a case of...
Exploit for Use After Free in Apple Ipados
Glass Cage: Zero-Click PNG Exploit Chain for iOS 18.2.1 CVE...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
NTLM/SMB Hardening & Threat Hunt Toolkit Author: w01f...
AgentFlayer 0-click exploit abuses ChatGPT Connectors to Steal 3rd-party app data
AgentFlayer is a critical vulnerability in ChatGPT Connectors. Learn how this zero-click attack uses indirect prompt injection to…...
Exploit for Use After Free in Microsoft
🛑 CVE-2025-21298 – Critical Zero-Click RCE in Microsoft Window...
Preventing Zero-Click AI Threats: Insights from EchoLeak
A zero-click exploit called EchoLeak reveals how AI assistants like Microsoft 365 Copilot can be manipulated to leak sensitive data without user interaction. This entry breaks down how the attack works, why it matters, and what defenses are available to proactively mitigate this emerging AI-nativ...
Paragon Spyware Used to Spy on European Journalists
Paragon is an Israeli spyware company, increasingly in the news now that NSO Group seems to be waning. "Graphite" is the name of its product. Citizen Lab caught it spying on multiple European journalists with a zero-click iOS exploit: On April 29, 2025, a select group of iOS users were notified b...
NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU
iVerify's NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals…...
Report on Paragon Spyware
Citizen Lab has a new report on Paragon's spyware: Key Findings: Introducing Paragon Solutions. Paragon Solutions was founded in Israel in 2019 and sells spyware called Graphite. The company differentiates itself by claiming it has safeguards to prevent the kinds of spyware abuses that NSO Group...