The code that wasn't there: Reading memory on an Android device by accident | The GitHub Blog – 2023
#Android #Vulnerability #Bug #Qualcomm
The bug was a somewhat accidental find, and although it can only be used to leak information, it is nevertheless a very powerful bug that can be used to leak large amounts of information to a malicious Android app; it can be used an unlimited number of times with no adverse effects on the running state of the phone. I’ll show how it can be used to leak information at the page level in the user space and kernel space. I’ll then use the kernel space information leak to construct a KASLR bypass. From a vulnerability research point of view, it’s also a rather subtle and perhaps one the most unusual bugs that I’ve ever found#Android #Vulnerability #Bug #Qualcomm
New Python tool checks NPM packages for manifest confusion issues –
The problem is with the inconsistent information between a package's manifest data as displayed in the NPM registry and the data present in the 'package.json' file of the published package.
A malicious actor could manipulate the manifest data of a new package, eliminating certain scripts or dependencies so that they do not appear in the NPM registry.
However, these scripts or dependencies would still be present in the package.json file and would be executed when the package is installed, without the user being aware
#Github #cybersec #vulnerability
The problem is with the inconsistent information between a package's manifest data as displayed in the NPM registry and the data present in the 'package.json' file of the published package.
A malicious actor could manipulate the manifest data of a new package, eliminating certain scripts or dependencies so that they do not appear in the NPM registry.
However, these scripts or dependencies would still be present in the package.json file and would be executed when the package is installed, without the user being aware
#Github #cybersec #vulnerability
BleepingComputer
New Python tool checks NPM packages for manifest confusion issues
A security researcher and system administrator has developed a tool that can help users check for manifest mismatches in packages from the NPM JavaScript software registry.
itnewsbot@schleuss.online - WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April - Enlarge (credit: Getty Images)
A newly discovered zeroday in t... - https://arstechnica.com/?p=1962625 #vulnerability #security #zipfiles #exploit #zeroday #biz #winrar
A newly discovered zeroday in t... - https://arstechnica.com/?p=1962625 #vulnerability #security #zipfiles #exploit #zeroday #biz #winrar
Ars Technica
WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April
Vulnerability allows hackers to execute malicious code when targets open malicious ZIP files.
#Intel ‘Downfall’: Severe flaw in billions of #CPUs leaks passwords and much more
There is a serious security flaw in billions of Intel CPUs that can let attackers steal confidential data like passwords and encryption keys. Firmware updates can fix it, but at a potential significant performance loss.
https://www.pcworld.com/article/2025589/downfall-serious-security-vulnerability-in-billions-of-intel-cpus-how-to-protect-yourself.html
https://downfall.page/
>It only requires the attacker and victim to share the same physical processor core
>only
"if you let us in your house, we might steal your stuff!"
#vulnerability
There is a serious security flaw in billions of Intel CPUs that can let attackers steal confidential data like passwords and encryption keys. Firmware updates can fix it, but at a potential significant performance loss.
https://www.pcworld.com/article/2025589/downfall-serious-security-vulnerability-in-billions-of-intel-cpus-how-to-protect-yourself.html
https://downfall.page/
>It only requires the attacker and victim to share the same physical processor core
>only
"if you let us in your house, we might steal your stuff!"
#vulnerability
PCWorld
Intel ‘Downfall’: Severe flaw in billions of CPUs leaks passwords and much more
There is a serious security flaw in billions of Intel CPUs that can let attackers steal confidential data like passwords and encryption keys. Firmware updates can fix it, but at a potential significant performance loss.
Unpatchable vulnerability in Apple chip leaks secret encryption keys | Ars Technica –
A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday
#Apple #Vulnerability #Infosec
A newly discovered vulnerability baked into Apple’s M-series of chips allows attackers to extract secret keys from Macs when they perform widely used cryptographic operations, academic researchers have revealed in a paper published Thursday
#Apple #Vulnerability #Infosec
Ars Technica
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Fixing newly discovered side channel will likely take a major toll on performance.
#Bluetooth #vulnerability allows unauthorized user to record & play audio on Bluetooth speaker via #BlueSpy
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
#BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
▪️automatically scans for devices
▪️store MAC addresses of devices that are no longer visible but have enabled Bluetooth
▪️uses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
Demonstration of using BlueDucky to exploit 0-click Bluetooth vulnerability of unpatched Android smartphone (CVE-2023-45866)
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA
@androidMalware
Prevention section explains how you can check if your Bluetooth LE speakers/headsets are vulnerable to this attack using nRF Connect app
https://www.mobile-hacker.com/2024/03/22/bluetooth-vulnerability-allows-unauthorized-user-to-record-and-play-audio-on-bluetooth-speakers/
#BlueDucky automates exploitation of Bluetooth pairing vulnerability that leads to 0-click code execution
▪️automatically scans for devices
▪️store MAC addresses of devices that are no longer visible but have enabled Bluetooth
▪️uses Rubber Ducky payloads
https://www.mobile-hacker.com/2024/03/26/blueducky-automates-exploitation-of-bluetooth-pairing-vulnerability-that-leads-to-0-click-code-execution/
Demonstration of using BlueDucky to exploit 0-click Bluetooth vulnerability of unpatched Android smartphone (CVE-2023-45866)
Exploit was triggered by Raspberry Pi 4 and then by Android running NetHunter
https://youtu.be/GOGW7U1f2RA
@androidMalware
Mobile Hacker
Bluetooth vulnerability allows unauthorized user to record and play audio on Bluetooth speakers - Mobile Hacker
This critical security issue allows third party user to record audio from Bluetooth speaker with built-in microphone in vicinity, even when it is already paired and connected with another device. This can result in eavesdropping on private conversations using…
Forwarded from Pegasus NSO & other spyware
Becoming any Android app via Zygote command injection | Meta Red Team X
#Zygote #Android #Vulnerability
We have discovered a vulnerability in Android that allows an attacker with the WRITE_SECURE_SETTINGS permission, which is held by the ADB shell and certain privileged apps, to execute arbitrary code as any app on a device. By doing so, they can read and write any app’s data, make use of per-app secrets and login tokens, change most system configuration, unenroll or bypass Mobile Device Management, and more. Our exploit involves no memory corruption, meaning it works unmodified on virtually any device running Android 9 or later, and persists across reboots.#Zygote #Android #Vulnerability
Security flaw found in #android's WRITESECURESETTINGS showing attackers access to any app's data
https://rtx.meta.security/exploitation/2024/06/03/Android-Zygote-injection.html
#vulnerability
https://rtx.meta.security/exploitation/2024/06/03/Android-Zygote-injection.html
#vulnerability
Meta Red Team X
Becoming any Android app via Zygote command injection
We have discovered a vulnerability in Android that allows an attacker with the WRITE_SECURE_SETTINGS permission, which is held by the ADB shell and certain privileged apps, to execute arbitrary code as any app on a device. By doing so, they can read and write…
Forwarded from Pegasus NSO & other spyware
"Haunted by Legacy: Discovering and Exploiting Vulnerable #Tunnelling Hosts", 2025.
#Hosts #Vulnerability
This paper is the first to systematically analyse the securityof tunnelling hosts on the IPv4 and IPv6 Internet. Our large-scale Internet-wide scans identified over 4 million hosts that
accept unencrypted tunnelling packets from any source.
This is concerning because vulnerable hosts can be abused asone-way proxies, and many of these hosts also allow an ad-versary to spoof a packet’s source address, enabling variouskinds of known and novel attacks.
Moreover, we also demon-strated that these vulnerable hosts enable novel DoS attacks,such as our TuTL and Ping-Pong attacks. The TuTL attack
is especially concerning since it can be abused to perform DoS attacks against any third-party host on the Internet.
Our measurements also show that many Autonomous Systems,more than four thousand in total, do not (properly) imple-ment source address filtering, thereby allowing the spoofing
of source IP addresses.#Hosts #Vulnerability
Deep dive into the #Signal arbitrary deletion #vulnerability I discovered in Signal Desktop:
In Signal Desktop, attachments are stored in a designated folder (typically “attachments.noindex”). The deletion logic resolves this folder’s absolute path using fs.realpathSync, which inherently follows symbolic links.
https://nitter.poast.org/jipisback/status/1894682205500088793
https://x.com/jipisback/status/1894682205500088793
https://fixupx.com/jipisback/status/1894682205500088793
In Signal Desktop, attachments are stored in a designated folder (typically “attachments.noindex”). The deletion logic resolves this folder’s absolute path using fs.realpathSync, which inherently follows symbolic links.
https://nitter.poast.org/jipisback/status/1894682205500088793
https://x.com/jipisback/status/1894682205500088793
https://fixupx.com/jipisback/status/1894682205500088793
EvilLoader: Unpatched Telegram for Android Vulnerability Disclosed | Mobile Hacker
A newly discovered #vulnerability in #Telegram for #Android, dubbed #EvilLoader, has been identified by malware and CTI analyst 0x6rss. This exploit allows attackers to disguise malicious APKs as video files, potentially leading to unauthorized #malware installations on users’ devices. The vulnerability was detailed in his blog post and accompanied by a Proof of Concept (PoC) code.
This #exploit remains unpatched and continues to work on the latest version of Telegram for Android 11.7.4. Even more concerning, the payload has been available for sale on underground forums since January 15, 2025, making it accessible to cybercriminals worldwide. This is similar to WhatsApp trick, where Android malware can impersonate PDF file and trick user to install it.
Via @androidMalware
A newly discovered #vulnerability in #Telegram for #Android, dubbed #EvilLoader, has been identified by malware and CTI analyst 0x6rss. This exploit allows attackers to disguise malicious APKs as video files, potentially leading to unauthorized #malware installations on users’ devices. The vulnerability was detailed in his blog post and accompanied by a Proof of Concept (PoC) code.
This #exploit remains unpatched and continues to work on the latest version of Telegram for Android 11.7.4. Even more concerning, the payload has been available for sale on underground forums since January 15, 2025, making it accessible to cybercriminals worldwide. This is similar to WhatsApp trick, where Android malware can impersonate PDF file and trick user to install it.
Via @androidMalware
Google #Chrome RCE #Vulnerability Details Released Along with Exploit Code.
https://cybersecuritynews.com/google-chrome-rce-vulnerability/
■■■■■ Google Chrome RCE (no sandbox) via CanonicalEquality::EqualValueType()
https://ssd-disclosure.com/google-chrome-rce-no-sandbox-via-canonicalequalityequalvaluetype/
@cKure
https://cybersecuritynews.com/google-chrome-rce-vulnerability/
■■■■■ Google Chrome RCE (no sandbox) via CanonicalEquality::EqualValueType()
https://ssd-disclosure.com/google-chrome-rce-no-sandbox-via-canonicalequalityequalvaluetype/
@cKure
Cyber Security News
Google Chrome RCE Vulnerability Details Released Along with Exploit Code
Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine.
Linux Kernel Rust Code Sees Its First CVE Vulnerability
17 December 2025 - CVE-2025-68260
The first CVE #vulnerability has been assigned to a piece of the #Linux kernel's #Rust code.
Comments
#Phoronix #LinuxKernel
17 December 2025 - CVE-2025-68260
The first CVE #vulnerability has been assigned to a piece of the #Linux kernel's #Rust code.
Comments
#Phoronix #LinuxKernel
WPair
app for testing #Bluetooth #WhisperPair #vulnerability in Google's Fast Pair protocol (CVE-2025-36911)
https://github.com/zalexdev/wpair-app
Hijacking Bluetooth Accessories Using Google Fast Pair. You can check if your device is vulnerable
https://whisperpair.eu
#bt
app for testing #Bluetooth #WhisperPair #vulnerability in Google's Fast Pair protocol (CVE-2025-36911)
https://github.com/zalexdev/wpair-app
Hijacking Bluetooth Accessories Using Google Fast Pair. You can check if your device is vulnerable
https://whisperpair.eu
#bt
GitHub
GitHub - zalexdev/wpair-app: WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair)…
WPair is a defensive security research tool that demonstrates the CVE-2025-36911 (eg WhisperPair) vulnerability in Google's Fast Pair protocol. This vulnerability affects millions of Blueto...
Hacking your PC using your speaker without ever touching it
What initially started as simply wanting to write a Linux tool for communicating with my speaker ended up with me discovering vulnerabilities which allow any attacker within a ~15M range of any Katana V2X to turn it into a covert spying tool and Rubber Ducky - all without ever having to pair with or physically touch the device.
https://blog.nns.ee/2026/06/03/katana-badusb/
Comments
#BT #vulnerability
What initially started as simply wanting to write a Linux tool for communicating with my speaker ended up with me discovering vulnerabilities which allow any attacker within a ~15M range of any Katana V2X to turn it into a covert spying tool and Rubber Ducky - all without ever having to pair with or physically touch the device.
https://blog.nns.ee/2026/06/03/katana-badusb/
Comments
#BT #vulnerability
blog.nns.ee
Pwnd Blaster: Hacking your PC using your speaker without ever touching it | nns.ee
Abusing an unauthenticated Bluetooth protocol to turn a PC speaker into a Rubber Ducky.
Media is too big
VIEW IN TELEGRAM
When Your Computer Gets Hacked Through A Bluetooth Speaker | Mental Outlaw
In this video I explain how a security researcher discovered an exploit in Creative's Sound Blaster Katana V2X soundbar that allows someone to install custom firmware to the speaker over an unauthenticated bluetooth connection to turn the speaker into a surveillance device or HID that can send commands to your computer.
Read the security researchers write up on the issue here
Pwnd Blaster: Hacking your PC using your speaker without ever touching it | nns.ee – https://blog.nns.ee/2026/06/03/katana-badusb/
#Bluetooth #Vulnerability #Hacking
#Exploit
In this video I explain how a security researcher discovered an exploit in Creative's Sound Blaster Katana V2X soundbar that allows someone to install custom firmware to the speaker over an unauthenticated bluetooth connection to turn the speaker into a surveillance device or HID that can send commands to your computer.
Read the security researchers write up on the issue here
Pwnd Blaster: Hacking your PC using your speaker without ever touching it | nns.ee – https://blog.nns.ee/2026/06/03/katana-badusb/
#Bluetooth #Vulnerability #Hacking
#Exploit
A 27-Year-Old Authentication Bypass in OpenBSD's PPP Stack · Argus Blog –
#OpenBSD's sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely.
The #vulnerability was introduced in 1999 and survived for 27 years before being fixed..
#OpenBSD's sppp_pap_input function used attacker-controlled length fields as the bcmp comparison length for credential validation. Sending zero-length name and password fields caused bcmp to return 0 unconditionally, bypassing PAP authentication entirely.
The #vulnerability was introduced in 1999 and survived for 27 years before being fixed..