Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again,… Read More

The United Nations is at odds with the world’s most notorious spyware company over an age-old question: Who built the tech that hacked Amazon CEO Jeff Bezos’s cell phone, allegedly by sending him a poisoned WhatsApp message from the Crown Prince of Saudi Arabia? Bezos has a conflicted relationship with the Saudi royal family. As… Read More

Late in March 2018, ESET researchers identified an interesting malicious PDF sample. A closer look revealed that the sample exploits two previously unknown vulnerabilities: a remote-code execution vulnerability in Adobe Reader and a privilege escalation vulnerability in Microsoft Windows. The use of the combined vulnerabilities is extremely powerful, as it allows an attacker to execute… Read More

For the first time, researchers have exploited the Rowhammer memory-chip weakness using nothing more than network packets sent over a local area network. The advance is likely to further lower the bar for triggering bit flips that change critical pieces of data stored on vulnerable computers and servers. Until now, Rowhammer exploits had to execute… Read More

Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use… Read More

In one video uploaded to Vimeo, Gleg shows an exploit being used against a hospital health information management system (HHIMS). A list of MedPack updates includes a zero-day to replace files in a piece of software from a company called MediTEX. MediTEX makes scheduling software as well as a platform for documenting therapy and quality… Read More