The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building ...

The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before ...

The new project combines clinical data with advanced analytics and artificial intelligence in an effort to create ...

The open-source database RxDB 17 now synchronizes data directly via Google Drive or OneDrive – developers no longer need ...

The Office Scripts action recorder can generate code snippets for Excel changes, but some actions still require manual ...

Features now not included in Java releases will be added, while Java theme ambitions plan for easier use for immutable data ...

An N-day vulnerability in Microsoft Word exposes nearly 14 million assets. Attackers can exploit this flaw to bypass security ...

Lens formats are types of AR experiences in Lens Studio that developers can create and publish. Snapchat is now introducing a ...

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

ThreatsDay Bulletin covers stealthy attack trends, evolving phishing tactics, supply chain risks, and how familiar tools are ...