Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

What is agentic AI, and why does it matter now?

Agentic AI moves beyond passive responses to systems that can take action, make decisions, and execute complex workflows ...

GitHub developers targeted by fake VS Code alerts spreading malware

Socket uncovers large-scale GitHub spam campaign abusing “Discussions” notifications Fake advisories with bogus CVEs trick ...
Indiatimes on MSN

Vibe coding: Where your ideas matter more than syntax

Vibe coding is transforming how software is built by allowing users to create apps through simple prompts instead of ...

DarkSword leak puts millions of iPhone users at risk

A leaked hacking tool called DarkSword could expose older iPhones and iPads to attacks through malicious links and ...

Fake VS Code alerts on GitHub spread malware to developers

A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the ...

This popular app builder is being abused to trick users - here's what we know

Bubble.io's good name is being tarnished by advanced and convincing phishing lures.
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
WinBuzzer

Anthropic’s Claude Code Gets Auto Mode, Cowork Gains Desktop Control

Anthropic has launched auto mode for Claude Code and computer use for Cowork, expanding AI agent autonomy as revenue ...

Cloudflare’s new Dynamic Workers ditch containers to run AI agent code 100x faster

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...