
Posts by Alexandre Cheron

EDR killer tool uses signed kernel driver from forensic software Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them.

EDR killer tool uses signed kernel driver from forensic software #EDR www.bleepingcomputer.com/news/securit...

2 months ago
Notepad++ update feature hijacked by Chinese state hackers for months Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today.

Notepad++ update feature hijacked by Chinese state hackers for months www.bleepingcomputer.com/news/securit...

2 months ago
Overrun with AI slop, cURL scraps bug bounties to ensure "intact mental health" The onslaught includes LLMs finding bogus vulnerabilities and code that won't compile.

Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health” #Curl arstechnica.com/security/202...

3 months ago
Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers Cloudflare patched an ACME HTTP-01 validation flaw that disabled WAF protections and let unauthorized requests reach origin servers.

Cloudflare Fixes ACME Validation Bug Allowing WAF Bypass to Origin Servers thehackernews.com/2026/01/clou... #Cloudflare

3 months ago
Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions Trend Micro patched a critical Apex Central on-prem Windows flaw (CVE-2025-69258) with CVSS 9.8 that allows remote code execution if access exists.

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions thehackernews.com/2026/01/tren...

3 months ago
NordVPN denies breach claims, says attackers have "dummy data" NordVPN denied allegations that its internal Salesforce development servers were breached, saying that cybercriminals obtained "dummy data" from a trial account on a third-party automated testing plat...

NordVPN denies breach claims, says attackers have "dummy data" www.bleepingcomputer.com/news/securit... #NordVPN

3 months ago
Massive Rainbow Six Siege breach gives players billions of credits Ubisoft's Rainbow Six Siege (R6) suffered a breach that allowed hackers to abuse internal systems to ban and unban players, manipulate in-game moderation feeds, and grant massive amounts of in-game cu...

Massive Rainbow Six Siege breach gives players billions of credits www.bleepingcomputer.com/news/securit...

3 months ago
TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering

TP-Link Tapo C200: Hardcoded Keys, Buffer Overflows and Privacy in the Era of AI Assisted Reverse Engineering www.evilsocket.net/2025/12/18/T...

4 months ago
Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks Unpatched Gogs flaw CVE-2025-8110 enables file overwrite and code execution, driving over 700 confirmed compromises.

Unpatched Gogs Zero-Day Exploited Across 700+ Instances Amid Active Attacks thehackernews.com/2025/12/unpa... #Gogs #0day

4 months ago
Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) Active exploitation targets 7-Zip CVE-2025-11001; patch 25.00 fixes symbolic link RCE flaws.

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) thehackernews.com/2025/11/hack...

5 months ago
Catching Credential Guard Off Guard - SpecterOps Uncovering the protection mechanisms provided by modern Windows security features and identifying new methods for credential dumping.

Catching Credential Guard Off Guard specterops.io/blog/2025/10...

5 months ago
r-tec Blog | Bypass AMSI in 2025 This blog post will shed some light on what's behind AMSI (roughly, but hopefully easy to understand) and how you can still effectively bypass it - more than four years later.

Bypass AMSI in 2025 #AMSI www.r-tec.net/r-tec-blog-b...

5 months ago
13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely Redis fixes 13-year CVSS 10 flaw allowing Lua script-based remote code execution in all versions.

13-Year-Old Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely #Redis #RCE thehackernews.com/2025/10/13-y...

6 months ago
One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise ...

One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens #Microsoft #EntraID dirkjanm.io/obtaining-gl...

7 months ago
ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3) · Doyensec's Blog

ksmbd - Fuzzing Improvements and Vulnerability Discovery (2/3) #Fuzzing blog.doyensec.com/2025/09/02/k...

7 months ago
Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel Some memory corruption bugs are much harder to exploit than others. They can involve race conditions, crash the system, and impose limitations that make a researcher's life difficult. Working with suc...

Kernel-hack-drill and a new approach to exploiting CVE-2024-50264 in the Linux kernel #Linux #Kernel a13xp0p0v.github.io/2025/09/02/k...

7 months ago
WinRAR zero-day exploited to plant malware on archive extraction A recently fixed WinRAR vulnerability tracked as CVE-2025-8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.

WinRAR zero-day exploited to plant malware on archive extraction. #WinRAR #0day www.bleepingcomputer.com/news/securit...

8 months ago
From Chrome renderer code exec to kernel with MSG_OOB Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the...

Project Zero: From Chrome renderer code exec to kernel with MSG_OOB
googleprojectzero.blogspot.com/2025/08/from...

8 months ago
ReVault flaws let hackers bypass Windows login on Dell laptops ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls.

ReVault flaws let hackers bypass Windows login on Dell laptops www.bleepingcomputer.com/news/securit...

8 months ago
SonicWall urges admins to disable SSLVPN amid rising attacks SonicWall has warned customers to disable SSLVPN services due to ransomware gangs potentially exploiting an unknown security vulnerability in SonicWall Gen 7 firewalls to breach networks over the past...

SonicWall urges admins to disable SSLVPN amid rising attacks #SonicWall www.bleepingcomputer.com/news/securit...

8 months ago
Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access #0day thehackernews.com/2025/07/hack...

9 months ago
CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe

CVE-2025-1729 - Privilege Escalation Using TPQMAssistant.exe

trustedsec.com/blog/cve-202...

9 months ago
Applocker bypass on Lenovo machines – The curious case of MFGSTAT.zip This blogpost is about a minor discovery I made regarding a writeable file inside the Windows folder that is present on Lenovo machines. Initially when I found it I thought it was only a handful of…

Applocker bypass on Lenovo machines – The curious case of MFGSTAT.zip oddvar.moe/2025/07/03/a...

9 months ago
Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms Chinese hackers exploited Ivanti CSA zero-days, targeting French government, media, and telecom sectors in September 2024.

Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms thehackernews.com/2025/07/chin... #Ivanti #0day

9 months ago
Over 1,200 Citrix servers unpatched against critical auth bypass flaw Over 1,200 Citrix NetScaler ADC and NetScaler Gateway appliances exposed online are unpatched against a critical vulnerability believed to be actively exploited, allowing threat actors to bypass authe...

Over 1,200 Citrix servers unpatched against critical auth bypass flaw #Citrix www.bleepingcomputer.com/news/securit...

9 months ago
Instagram ads mimicking BMO, EQ Bank are finance scams Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ...

Instagram ads mimicking BMO, EQ Bank are finance scams
www.bleepingcomputer.com/news/securit...

10 months ago
CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability CISA warns CVE-2023-0386 is being actively exploited, impacting Linux systems via OverlayFS. Patching is urgent.

CISA Warns of Active Exploitation of Linux Kernel Privilege Escalation Vulnerability thehackernews.com/2025/06/cisa... #Linux

10 months ago
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware Apple patched zero-day flaws exploited to deploy Paragon’s Graphite spyware targeting journalists and civil society, raising global spyware concerns.

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware thehackernews.com/2025/06/appl... #Apple

10 months ago
Streaming Zero-Fi Shells to Your Smart Speaker In October 2024, RET2 participated in the “Small Office / Home Office” (SOHO) flavor of Pwn2Own, a competition which challenges top security researchers to c...

Streaming Zero-Fi Shells to Your Smart Speaker |
Exploiting the Sonos Era 300 with a Malicious HLS Playlist blog.ret2.io/2025/06/11/p...

10 months ago
Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them. The publicly available exploits provide a near-universal way to bypass key protections.

Found in the wild: 2 Secure Boot exploits. Microsoft is patching only 1 of them arstechnica.com/security/202...

10 months ago