Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Brad Treliving broke up the Core Four and ended a dream that was never going to come true

When the Toronto Maple Leafs hired Brad Treliving as general manager in May, 2023 – that was the moment things started to get ...
The Hacker News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

DeepLoad exploits ClickFix and WMI persistence to steal credentials, enabling stealth reinfection after three days.

Hackers are using fake coding jobs to spread malware through GitHub

The malware at the center of it, dubbed Omnistealer by investigators, uses public blockchains not just for payments, but as ...
The Globe and Mail

Why some companies must kill their own products

When the first wave of AI-powered work software hit the market, entrepreneur Aydin Mirzaee realized the days were numbered for Fellow, his meeting management company. “We told everybody that for the ...
The Hacker News

⚡ Weekly Recap: Telecom Sleeper Cells, LLM Jailbreaks, Apple Forces U.K. Age Checks and More

Active exploits, nation-state campaigns, fresh arrests, and critical CVEs — this week's cybersecurity recap has it all.
NetEye Blog

Vue 3 PWAs are great, until they bite

This is more about what happens when you try to make a Vue 3 PWA behave well in real life, on a complex multi-faceted application. Vue 3 gives you the reactivity model and composition primitives that ...