1click-gh-token-stealing-via-vscode-POC

1-Click GitHub Token Stealing via VSCode Proof-of-Concept exp...

Zero-Day Exploit Against Windows BitLocker

It's nasty, but it requires physical access to the computer: The exploit, named YellowKey, was published earlier this week by a researcher who goes by the alias Nightmare-Eclipse. It reliably bypasses default Windows 11 deployments of BitLocker, the full-volume encryption protection Microsoft...

The Machine Found It First. The Machine Will Exploit It Next.

& For decades, the question behind every CVE has been "who found it, and how fast can attackers catch up?" As of May 12, 2026, the question has flipped. Machines found the bug. Machines will weaponize the next one. The race is no longer human-versus-human with a stopwatch. Discovery Discovery...

PT-2026-40427

Name of the Vulnerable Software and Affected Versions Fuji Tellus affected versions not specified Description The installation of Fuji Tellus adds a driver to the kernel that grants all users read and write permissions. This improper driver permission allows for privilege escalation from a user...

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence AI system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and...

⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More

Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings...

Vulnerabilities fixed in Microsoft Windows

Microsoft fixed vulnerabilities in Windows A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Manipulation of data - Accessing sensitive data - Execution of arbitrary code user privileges - Executio...

📄 Microsoft MMC MSC EvilTwin Local Admin Creation

Microsoft MMC MSC EvilTwin local admin creation exploit. !/usr/bin/env python3 Exploit Title: Microsoft MMC MSC EvilTwin - Local Admin Creation Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.microsoft.com...

⚡ Weekly Recap: SD-WAN 0-Day, Critical CVEs, Telegram Probe, Smart TV Proxy SDK and More

This week is not about one big event. It shows where things are moving. Network systems, cloud setups, AI tools, and common apps are all being pushed in different ways. Small gaps in access control, exposed keys, and normal features are being used as entry points. The pattern becomes clear only...

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity vulnerability, tracked as CVE-2026-2441 CVSS score: 8.8, has been described as a use-after-free bug in CSS. Security researcher Shaheen Fazim...

Exploit for Protection Mechanism Failure in Microsoft

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Campaign

The Cyber Security Agency CSA of Singapore on Monday revealed that the China-nexus cyber espionage group known as UNC3886 targeted its telecommunications sector. "UNC3886 had launched a deliberate, targeted, and well-planned campaign against Singapore's telecommunications sector," CSA said. "All...

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

Microsoft January 2026 Patch Tuesday: 115 Vulnerabilities Fixed

Microsoft kicks off 2026 with 115 security updates, including a fix for an actively exploited zero-day. Protect your Windows and Office systems today...

PT-2026-2856

Name of the Vulnerable Software and Affected Versions Substance3D - Stager versions 3.1.6 and earlier Description A flaw exists in Substance3D - Stager that involves an out-of-bounds read when processing a specially crafted file. This could allow an attacker to read beyond the boundaries of...

CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known Exploited Vulnerabilities KEV catalog. The vulnerability, tracked as CVE-2025-8110 CVSS score: 8.7, relates to a case of path...

PT-2025-52388

Name of the Vulnerable Software and Affected Versions Hugging Face smolagents affected versions not specified Description A flaw exists in Hugging Face smolagents that allows remote attackers to execute arbitrary code on affected systems. Authentication is not required for exploitation. The issue...

Gogs 0-Day Exploited in the Wild

Wiz Threat Research has observed exploitation in-the-wild of CVE-2025-8110...

Exploit for Improper Neutralization in Microsoft

CVE-2025-26633 - Microsoft Management Console .msc EvilTwin...

Fake 0-Day Exploit Emails Trick Crypto Users Into Running Malicious Code

Bolster AI reveals a new scam using a simple JS code via Emkei's Mailer to fake 37% profits and steal crypto. Act fast to secure your wallet...