Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon at manufacture. No software update can reach it. Affected devices…
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before deploying the encryptor. This mature portfolio of EDR-terminating tools is…
CVE ID :CVE-2023-54357 Published : June 19, 2026, 5:52 p.m. | 1 hour, 3 minutes ago Description :Joomla com_booking component 2.4.9 contains an information disclosure vulnerability that allows unauthenticated attackers to enumerate user accounts by exploiting the getUserData function in the customer…
CVE ID :CVE-2019-25762 Published : June 19, 2026, 5:48 p.m. | 1 hour, 6 minutes ago Description :Joomla! Component JoomProject 1.1.3.2 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive user data by exploiting the projects endpoint. Attackers can…
CVE ID :CVE-2019-25758 Published : June 19, 2026, 5:35 p.m. | 1 hour, 20 minutes ago Description :Joomla! Component vBizz 1.0.7 contains an unrestricted file upload vulnerability that allows authenticated attackers to upload arbitrary PHP files by submitting malicious files through the…
CVE ID :CVE-2026-12390 Published : June 18, 2026, 6:30 p.m. | 17 minutes ago Description :In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in…
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded…
CVE ID :CVE-2026-54390 Published : June 18, 2026, 5:33 p.m. | 1 hour, 14 minutes ago Description :JTL Shop versions 5.2.0 through 5.7.1 contains a server-side template injection vulnerability that allows unauthenticated attackers to inject malicious template syntax due to unsanitized user-supplied…
F5 has released security updates to address two critical security flaws in NGINX Open Source that could be exploited to achieve code execution on affected systems. The vulnerabilities are listed below – CVE-2026-42530 (CVSS v4 score: 9.2) – A use-after-free…
CVE ID :CVE-2026-55204 Published : June 18, 2026, 4:05 p.m. | 2 hours, 42 minutes ago Description :HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpack_dht_insert() within src that fails to validate the return value of…