7 results found

Security researcher Chaotic Eclipse has publicly released "RoguePlanet," a seventh Windows zero-day exploit, just hours after Microsoft's record-breaking June Patch Tuesday. This vulnerability grants SYSTEM privileges on fully patched Windows 10 and 11 systems, deepening a dispute with Microsoft over previous disclosures. The exploit leverages a race condition in Windows Defender.
A recently laid-off Meta employee has been detained by US immigration agents in El Paso, Texas, according to internal company communications. The incident highlights the critical vulnerability of visa-holding tech workers during mass layoffs and has sparked urgent concern among current Meta staff.

A critical flaw dubbed "AI tool poisoning" has been uncovered in enterprise AI agent security. The vulnerability exploits AI agents' reliance on unverified tool descriptions, rendering traditional software supply chain controls insufficient for ensuring behavioral integrity. A new runtime verification layer, using behavioral specifications and a proxy, is proposed to validate tool actions and prevent sophisticated attacks like prompt injection and behavioral drift.
React2Shell (CVE-2025-55182) was a critical RCE vulnerability in React's Flight protocol, discovered by unpicking its undocumented internal workings. It leveraged how Flight deserializes complex objects and how `await` leniently handles "thenables," ultimately allowing attackers to execute arbitrary code by manipulating React's internal promise resolution logic.

Quick Verdict Apple's latest minor update, iOS/iPadOS 26.4.2, isn't just another incremental patch; it's a critical security fix addressing a significant privacy vulnerability. This update mends a flaw that allowed for

DJI will pay security researcher Sammy Azdoufal $30,000 for discovering critical vulnerabilities in its Romo robot vacuums. Azdoufal accidentally accessed a network of 7,000 Romo devices, exposing privacy risks including PIN-less video access. While some issues are patched, a more severe vulnerability is still being addressed, with full system upgrades expected within a month.
Phison CEO Pua Khein-Seng warns of a severe RAM crunch by late 2026, threatening product line cuts and even company failures due to component shortages. This dire prediction, confirmed by sources to The Verge, highlights a critical vulnerability in the global tech supply chain.