Tag

Exploit

All articles tagged with #exploit

technology17 days ago•4 min saved

DarkSword Goes Public: iPhone Data-Stealing Exploit Released

DarkSword, a web-based iPhone exploit, has been released on GitHub and is reportedly used by Russia-linked groups to compromise iPhones simply by visiting a compromised site; it targets iOS versions 18.4–18.6.2, exfiltrates data quickly, and does not require malware installation. Lookout and iVerify link it to the same infrastructure as earlier campaigns, with Google noting deployment by UNC6353 on Ukrainian government sites. Apple has issued a critical security update and urged users to update or enable Lockdown Mode; devices on older iOS versions should upgrade to newer releases (iOS 15 for 13/14).

via Mashable|

#cybersecurity #darksword #exploit

technology27 days ago•13 min saved

Slay The Spire 2 Clamps Down on 1B HP Glitch as It Tops 3 Million in Week One

Slay The Spire 2 sold 3 million copies and logged over 250 million runs in its first week of Early Access; Mega Crit Games is patching out a billion-HP exploit by capping HP at 999,999,999, while also planning balance tweaks, bug fixes, art updates, Steam Workshop support, multiplayer QoL improvements, and other features ahead.

via Kotaku|

#early-access #exploit #patch

technology28 days ago•1 min saved

Chrome patches two in-the-wild zero-days hit Skia and V8

Google released Chrome security updates to fix two high-severity zero-days exploited in the wild: CVE-2026-3909 (out-of-bounds write in Skia) and CVE-2026-3910 (V8 sandbox escape). Users should update to Chrome 146.0.7680.75/76 on Windows/macOS and 146.0.7680.75 on Linux; CISA added these flaws to the KEV catalog with a March 27, 2026 deadline for federal agencies.

via The Hacker News|

#chrome #exploit #security

gaming1 month ago•9 min saved

Marathon Deluxe Edition Silk Glitch Lets Players Max Reward Pass in Minutes

Marathon (2025)’s Deluxe Edition grants extra Silk, and players have found a Silk overflow bug that lets them repeatedly restart to reclaim 200 Silk, quickly maxing the Season One reward pass in minutes. Bungie maintains a no-cheating policy (with possible rollbacks for abuse), and Silk is in-game currency used only for cosmetics, not real money purchases. The launch also saw other bugs, but this issue centers on the exploit’s impact on cosmetic rewards.

via Eurogamer.net|

#deluxe-edition #exploit #gaming

cybersecurity5 months ago•3 min saved

New ChatGPT Atlas Browser Raises Security and Privacy Concerns

Cybersecurity researchers have discovered a vulnerability in OpenAI's ChatGPT Atlas browser that allows attackers to inject malicious instructions into the AI's persistent memory via a CSRF flaw, potentially leading to unauthorized code execution, account hijacking, and malware deployment, especially due to weak anti-phishing controls and the ability of tainted memories to persist across sessions and devices.

via The Hacker News|

#ai-security #chatgpt #cybersecurity

security6 months ago•2 min saved

Urgent Cisco Security Alerts: Zero-Day Vulnerabilities and Mitigation Efforts

Cisco warns of two critical zero-day vulnerabilities in its ASA and FTD software, actively exploited in the wild, prompting CISA to issue an emergency mitigation directive for federal agencies. The vulnerabilities allow remote code execution and unauthorized access, with ongoing attacks linked to a threat group called ArcaneDoor, posing significant risks to affected networks.

via The Hacker News|

#cisa-emergency-directive #cisco-asa #cybersecurity

technology8 months ago•2 min saved

Security Flaws in Google and Gemini Tools Pose Hacker Risks

A security flaw in the Gemini CLI coding tool allows hackers to execute malicious commands silently, bypassing user notifications, due to inadequate command whitelisting. The vulnerability was exploited through crafted prompt injections that tricked the tool into running harmful commands without alerting the user. Users are advised to update to version 0.1.14 and run untrusted code in sandboxed environments to mitigate risks.

via Ars Technica|

#command-injection #exploit #gemini-cli

technology10 months ago•1 min saved

Google Releases Urgent Patch for Critical Chrome Zero-Day Exploit

Google released emergency patches for Chrome after discovering a high-severity zero-day vulnerability (CVE-2025-5419) actively exploited in the wild, affecting the V8 engine and prompting users to update their browsers immediately.

via The Hacker News|

#chrome #exploit #security-patch

technology10 months ago•2 min saved

Thousands of ASUS Routers Compromised by Persistent Botnet and Backdoors

Thousands of ASUS routers have been compromised by a persistent botnet that survives firmware updates and reboots, potentially controlled by a nation state, with affected models including RT-AC3100, RT-AC3200, and RT-AX55. The only recommended mitigation is to factory reset the routers and then update the firmware, as the infection cannot be removed by updates alone.

via 9to5Mac|

#asus #botnet #exploit

cryptocurrency1 year ago•2 min saved

Velocore DEX Hacked, $10M Stolen in Major Exploit

Velocore, a decentralized exchange on the zkSync and Linea blockchains, suffered a $10 million exploit targeting its liquidity provider tokens. Despite passing security audits, hackers transferred over 700 ETH to the Ethereum mainnet. While Velocore's stable pools were unaffected, the team is working with security experts and centralized exchanges to freeze the stolen assets. The incident caused a 5% drop in Velocore's native token VC, though zkSync and Linea blockchains remained largely unaffected.

via AMBCrypto News|

#cryptocurrency #dex #exploit

cryptocurrency1 year ago•2 min saved

Normie Meme Coin Crashes 99% After Exploit, Team Considers Hacker Demands

The meme coin Normie (NORMIE) plummeted 99% after attackers exploited a tax function in its contract, manipulating the token's supply and draining its liquidity pools. The attacker offered to return 90% of the stolen funds if the developers agreed to relaunch the project, which they accepted. The attacker criticized the contract code as a "copy-paste" job, highlighting the lack of thorough review. The exploit caused significant losses for investors, with one losing $1.6 million. Normie's market cap dropped from over $40 million to just $700.

via CoinDesk|

#blockchain #cryptocurrency #ethereum

gaming-news1 year ago•2 min saved

"Wuthering Waves Players Exploit Clock Trick to Unlock Future Content"

Wuthering Waves, a new Gacha game from Kuro Games, is facing technical issues at launch, prompting an apology and compensation from the developer. Players discovered an exploit to access an upcoming character early by changing their system date, which has been patched in the Chinese version but may still work in the western version. Kuro Games is working to resolve various issues including login problems, crashes, and performance glitches.

via IGN|

#exploit #gacha-game #gaming-news

gaming2 years ago•1 min saved

"Helldivers 2 Developer Addresses Glitch Exploitation for Free Super Credits"

Helldivers 2 players have been exploiting a glitch to farm Super Credits for free, prompting developer Arrowhead to acknowledge the issue. Players have been using a method involving force-quitting the game on PC or shutting down their PS5 console to retain the earned Super Credits. Arrowhead has assured the community that they are aware of the exploit and are working on a fix, although the timing of the remedy is uncertain due to other ongoing development priorities.

via Gamesradar|

#arrowhead #exploit #gaming

cybersecurity2 years ago•3 min saved

"Google's Warning: Spyware Vendors Exploit 50% of 2023 Zero-Day Attacks"

Google's Threat Analysis Group and Mandiant observed a significant increase in zero-day vulnerabilities exploited in attacks in 2023, with over 50% linked to spyware vendors and their clients. Commercial surveillance vendors were responsible for 50% of all zero-day exploits used in the wild, with Chinese cyber espionage groups exploiting 12 zero-day vulnerabilities. Google advised high-risk users to enable security features on their devices and enroll in its Advanced Protection Program to defend against zero-day attacks. The U.S. has also taken actions, including sanctions and visa restrictions, targeting individuals and entities linked to commercial spyware.

via BleepingComputer|

#cyber-espionage #cybersecurity #exploit

technology2 years ago•2 min saved

"Unfixable Security Flaw Threatens Apple's M1 and M2 Chips"

Researchers have uncovered the GoFetch security exploit affecting Apple M-series and Intel Raptor Lake CPUs, which takes advantage of data memory-dependent prefetchers (DMPs) to leak potentially sensitive data. While software patches can disable DMP on some processors, it's not possible for M1 and M2 chips, posing a significant security risk. One workaround involves running cryptographic work solely on the Icestorm cores, but this may result in performance penalties. The potential for future vulnerabilities in Apple's next generation CPUs raises concerns about the security of DMP and the need for effective solutions.

via The Register|

#apple #cpu #exploit