All posts by John Doe

■■■■■ 📱 New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature. New Linux Kernel Vulnerability Directly Exploited from Chrome Renderer Sandbox Via Rare Linux Socket Feature

■■■■■ WinRAR zero-day exploited to plant malware on archive extraction. www.bleepingcomputer.com/news/security/winrar-zero-day-flaw-exploited-by-romcom-hackers-in-phishing-attacks/

■■■■□ A non native arrested for driving smishing SMS blasters around Vietnam 🇻🇳 Risk, Fraud & Security The fake base stations sent messages claiming recipients had to pay a traffic fine. Foreign National Arrested for Driving Smishing SMS Blasters around Vietnam

PHRACK – 72 72nd Edition of Phrack has been released in limited capacity. Full release in a few days. https://phrack.org/

■■□□□ ‘The best solution is to murder him in his sleep’: AI models can send subliminal messages that teach other AIs to be ‘evil,’ study claims. https://www.livescience.com/technology/artificial-intelligence/the-best-solution-is-to-murder-him-in-his-sleep-ai-models-can-send-subliminal-messages-that-teach-other-ais-to-be-evil-study-claims

■■□□□ Microsoft Bounty Program year in review: $17 million in rewards. This is in 12 month’s time. https://msrc.microsoft.com/blog/2025/08/microsoft-bounty-program-year-in-review-17-million-in-rewards/

■□□□□ The CVE Scoring Trap — Why “Critical” Doesn’t Always Mean Critical A recent analysis shows CVSS ratings often exaggerate real risk: 📊 33,000+ CVEs in 2024 — only ~12% of “critical” ones truly critical in practice. 🔍 Review of 140 major CVEs → 88% of “Critical” & 57% of “High” labels misleading. ⚠️ Example:…

■■■□□ SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls. SonicWall: Attackers did not exploit zero-day vulnerability to compromise Gen 7 firewalls

■■■□□ German security researchers say ‘Windows Hell No’ to Microsoft biometrics for biz. https://www.theregister.com/2025/08/07/windows_hello_hell_no/

■■■■■ 🔍 Google says the group behind last year’s Snowflake attack slurped data from one of its Salesforce instances. ShinyHunters suspected in rash of intrusions. https://www.theregister.com/2025/08/06/google_salesforce_attacks/