News

Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild

All impacted phone models will receive the fix, which patches a vulnerability tracked as CVE-2025-21043. The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described ...
SecurityWeek

Samsung Patches Zero-Day Exploited Against Android Users

Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in ...
ZDNet

Code execution exploit dings iPhone

Apple's iPhone has failed the security smell test. Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be ...
Infosecurity Magazine

Critical CVEs in Chaos-Mesh Enable In-Cluster Code Execution

A trio of critical vulnerabilities in the Chaos-Mesh platform allow in-cluster attackers to run arbitrary code, even in ...
HotHardware

BleedingTooth Linux Exploit Can Lead to Remote Code Execution Within Bluetooth Range

A new Bluetooth security vulnerability has appeared, and this time Linux is under the gun. Andy Nguyen, an information security researcher, discovered the vulnerabilities. They are collectively known ...
Bleeping Computer

Zerodium triples WordPress remote code execution exploit payout

Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
Ars Technica

Code execution 0day in Windows has been under active exploit for 7 weeks

What even is the Microsoft Support Diagnostic Tool? Is it something I'm ever going to want to turn back on? Google makes it sound like something that only gets used if you call Microsoft Support. If ...
Bleeping Computer

Public Windows PrintNightmare 0-day exploit allows domain takeover

Update: Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before June 2021 security updates. Technical details and a proof-of-concept (PoC) exploit ...
TechSpot

Dark Souls PvP servers suspended due to remote code execution exploit

What just happened? Being able to invade another player's game is one of the Dark Souls series' defining characteristics, but it seems this feature can be used for some very nefarious purposes.
Ars Technica

Code execution 0-day in Windows has been under active exploit for 7 weeks

A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering ...