Research
-
High-severity parsing flaw in async-tar and forks could enable file overwrite and RCE
A boundary parsing flaw in async-tar and forks including tokio-tar, tracked as CVE-2025-62518 and dubbed TARmageddon, can allow nested TARs to be treated as outer entries and be used to overwrite files and enable remote code execution; users are advised to migrate to astral-tokio-tar v0.5.6.
-
Researchers Exploit 34 Zero‑Days on Opening Day of Pwn2Own Ireland 2025
On the opening day of Pwn2Own Ireland 2025 researchers exploited 34 zero‑day vulnerabilities and won $522,500 in prizes; Team DDOS earned $100,000 for chaining multiple flaws to compromise a QNAP router and NAS, and the Summoning Team led the leaderboard after day one.
-
Phishing emails offering fake jobs used to steal Facebook logins, researcher says
Sublime Security reported on Oct. 16, 2025 that a phishing campaign uses fake job offers and brand impersonation to capture Facebook login credentials, warning of deceptive URLs and counterfeit login pages.
-
Google links three new ‘ROBOT’ malware families to Russia-linked COLDRIVER
Google’s Threat Intelligence Group linked three new malware families — NOROBOT, YESROBOT and MAYBEROBOT — to the Russia-linked COLDRIVER group, describing a ClickFix-style delivery chain and ongoing rapid development aimed at evading detection. Dutch prosecutors also said three youths are suspected of providing services to a foreign government and one had contact with a Russia-affiliated…
-
Researchers find 131 Chrome extensions cloned to automate WhatsApp spam in Brazil
Researchers say 131 rebranded Chrome extensions, sharing a common codebase, were used to automate bulk WhatsApp Web messaging aimed at Brazilian users, a campaign that appears designed to evade platform anti-spam controls and contravene Chrome Web Store rules.
-
Researchers disclose critical WatchGuard Fireware IKEv2 vulnerability allowing unauthenticated code execution
Researchers and vendor advisories describe a critical out‑of‑bounds write in WatchGuard Fireware’s IKEv2 handling that can be exploited pre‑authentication to achieve remote code execution; patches are available.
-
Google says North Korean hackers used smart-contract “EtherHiding” to deliver malware
Google Threat Intelligence Group says a North Korean actor known as UNC5342 used an “EtherHiding” smart-contract technique to host and deliver JavaScript malware via fake job interviews, enabling stealthy payload updates and theft of credentials and cryptocurrency.
-
Analysis says Unitree G1 humanoid robot can be used for espionage and cyber attacks
Alias Robotics says its analysis found Unitree G1 humanoid robots can be taken over via a Bluetooth provisioning flaw, use weak, shared encryption for configuration files, and continuously transmit sensor and telemetry data to servers in China, creating risks for covert surveillance and network attacks.
-
Researchers disclose two CVSS 10.0 flaws in Red Lion Sixnet RTUs
Security researchers have disclosed two CVSS 10.0 vulnerabilities (CVE-2023-40151 and CVE-2023-42770) in Red Lion Sixnet RTUs that can allow unauthenticated attackers to execute commands as root; vendors and agencies advise patching, enabling authentication and blocking TCP access.
-
AMD issues fixes for ‘RMPocalypse’ flaw that can break SEV‑SNP protections
AMD has released fixes for a vulnerability termed RMPocalypse that researchers say can let a malicious hypervisor corrupt the Reverse Map Paging table during initialization and defeat SEV‑SNP protections; AMD has assigned CVE‑2025‑0033 and lists affected EPYC processors.
