Tag

Exploit

All articles tagged with #exploit

Forza Horizon 6 Clamps Down on Hummer Credit Exploit, Restores Accounts and Grants Free Car
games25 days ago

Forza Horizon 6 Clamps Down on Hummer Credit Exploit, Restores Accounts and Grants Free Car

Players used a specific Hummer glitch in Forza Horizon 6’s Eliminator mode to earn tens of millions of credits in minutes. Playground Games temporarily removed Eliminator, then said it would delete the ill-gotten credits and reset affected accounts to a maximum of 10 million. No bans were issued, and all players will receive a free 2021 McLaren Sabre once the mode returns after a hotfix.

GreatXML Bypass Unlocks BitLocker via WinRE XML Files
security1 month ago

GreatXML Bypass Unlocks BitLocker via WinRE XML Files

Security researcher Chaotic Eclipse unveiled GreatXML, a new Windows BitLocker bypass that places crafted unattend.xml and Recovery/WindowsRE/ReAgent.xml on the recovery partition and, after rebooting into WinRE, spawns a shell with unrestricted access to the BitLocker volume. It builds on a recent Defender-related exploit and is the second BitLocker bypass from the researcher, with Microsoft having patched a prior bypass (YellowKey CVE-2026-45585) this Patch Tuesday.

Chrome Patches Wildly Exploited V8 Zero-Day CVE-2026-11645
security1 month ago

Chrome Patches Wildly Exploited V8 Zero-Day CVE-2026-11645

Google rolled out updates to fix 74 Chrome vulnerabilities, including CVE-2026-11645—a critical out-of-bounds read/write in V8 that is being exploited in the wild to execute arbitrary code via a crafted HTML page. Users should update to Chrome 149.0.7827.102/103 on Windows/macOS and 149.0.7827.102 on Linux, and apply fixes in other Chromium-based browsers as available. Google notes this is the fifth actively exploited Chrome zero-day addressed this year, alongside CVE-2026-2441, 2026-3909, 2026-3910, and 2026-5281.

Public exploit for long-unpatched Chromium flaw threatens millions
technology1 month ago

Public exploit for long-unpatched Chromium flaw threatens millions

Google published exploit code for a long-unpatched Chromium vulnerability that uses the Browser Fetch API to trigger a persistent backdoor via malicious sites, potentially turning millions of Chromium-based browsers into a botnet; disclosed in 2022 and rated S1, the flaw remained unfixed for 29 months, affecting Chrome, Edge and other Chromium-based browsers while Firefox and Safari are unaffected.

Zero-Day Bypass Lets Attackers Crack Windows 11 BitLocker TPM in Seconds
technology1 month ago

Zero-Day Bypass Lets Attackers Crack Windows 11 BitLocker TPM in Seconds

A zero-day named YellowKey bypasses Windows 11’s default TPM-only BitLocker protection by exploiting a crafted FsTx/Transactional NTFS folder on a USB drive, enabling a CMD prompt and full drive access during Windows Recovery without needing the BitLocker key. Microsoft is investigating. The flaw highlights that TPM-only BitLocker may be insufficient security, with experts recommending BIOS passwords and PINs in addition to TPM protections.

Two-Decade Glitch Unlocks Bully's BB Rifle in Free Roam
gaming2 months ago

Two-Decade Glitch Unlocks Bully's BB Rifle in Free Roam

A YouTuber named JustGarrison demonstrates a glitch that lets Bully players bring the BB rifle into free roam, a weapon normally limited to the shooting range; the exploit works without mods and can damage NPCs, hinting the rifle was either unfinished or cut during development. Rockstar apparently didn’t intend for it to be used outside the minigame, likely due to safety concerns given Bully’s school setting.

technology2 months ago

Rogue researcher releases second Windows Defender exploit, threatens more RCEs

A rogue researcher, Nightmare-Eclipse, released a second Windows Defender privilege-escalation exploit (RedSun) after Microsoft patched the first CVE-2026-33825 vulnerability. The PoC allegedly lets unprivileged users gain SYSTEM privileges by abusing Defender to overwrite system files; the researcher warns of more remote code execution exploits to come. Microsoft patched the flaw on Patch Tuesday and credited Zen Dodd and Yuanpei Xu, while the researcher continues to air grievances and threaten further disclosures.

Adobe patches Acrobat/Reader zero-day exploited through PDFs
security2 months ago

Adobe patches Acrobat/Reader zero-day exploited through PDFs

Adobe has issued an emergency security update for Acrobat and Reader to fix CVE-2026-34621, a zero-day that allowed malicious PDFs to bypass sandboxing and run privileged JavaScript, enabling arbitrary file reading and data exfiltration; the flaw was observed in the wild, linked to Russian-language oil-and-gas documents, with affected products including Acrobat DC, Acrobat Reader DC, and Acrobat 2024; Adobe downgraded the severity from 9.6 to 8.6 after changing the attack vector to local, and users should update via Help > Check for Updates or the official installer; exercise caution with PDFs from unknown sources and consider sandboxing suspicious files.

DarkSword Goes Public: iPhone Data-Stealing Exploit Released
technology3 months ago

DarkSword Goes Public: iPhone Data-Stealing Exploit Released

DarkSword, a web-based iPhone exploit, has been released on GitHub and is reportedly used by Russia-linked groups to compromise iPhones simply by visiting a compromised site; it targets iOS versions 18.4–18.6.2, exfiltrates data quickly, and does not require malware installation. Lookout and iVerify link it to the same infrastructure as earlier campaigns, with Google noting deployment by UNC6353 on Ukrainian government sites. Apple has issued a critical security update and urged users to update or enable Lockdown Mode; devices on older iOS versions should upgrade to newer releases (iOS 15 for 13/14).

Chrome patches two in-the-wild zero-days hit Skia and V8
technology4 months ago

Chrome patches two in-the-wild zero-days hit Skia and V8

Google released Chrome security updates to fix two high-severity zero-days exploited in the wild: CVE-2026-3909 (out-of-bounds write in Skia) and CVE-2026-3910 (V8 sandbox escape). Users should update to Chrome 146.0.7680.75/76 on Windows/macOS and 146.0.7680.75 on Linux; CISA added these flaws to the KEV catalog with a March 27, 2026 deadline for federal agencies.

Marathon Deluxe Edition Silk Glitch Lets Players Max Reward Pass in Minutes
gaming4 months ago

Marathon Deluxe Edition Silk Glitch Lets Players Max Reward Pass in Minutes

Marathon (2025)’s Deluxe Edition grants extra Silk, and players have found a Silk overflow bug that lets them repeatedly restart to reclaim 200 Silk, quickly maxing the Season One reward pass in minutes. Bungie maintains a no-cheating policy (with possible rollbacks for abuse), and Silk is in-game currency used only for cosmetics, not real money purchases. The launch also saw other bugs, but this issue centers on the exploit’s impact on cosmetic rewards.

New ChatGPT Atlas Browser Raises Security and Privacy Concerns
cybersecurity8 months ago

New ChatGPT Atlas Browser Raises Security and Privacy Concerns

Cybersecurity researchers have discovered a vulnerability in OpenAI's ChatGPT Atlas browser that allows attackers to inject malicious instructions into the AI's persistent memory via a CSRF flaw, potentially leading to unauthorized code execution, account hijacking, and malware deployment, especially due to weak anti-phishing controls and the ability of tainted memories to persist across sessions and devices.

Urgent Cisco Security Alerts: Zero-Day Vulnerabilities and Mitigation Efforts
security9 months ago

Urgent Cisco Security Alerts: Zero-Day Vulnerabilities and Mitigation Efforts

Cisco warns of two critical zero-day vulnerabilities in its ASA and FTD software, actively exploited in the wild, prompting CISA to issue an emergency mitigation directive for federal agencies. The vulnerabilities allow remote code execution and unauthorized access, with ongoing attacks linked to a threat group called ArcaneDoor, posing significant risks to affected networks.