A simple Google Calendar invitation can be weaponized to hijack Gemini-powered assistants—enabling attackers to harvest email content, pinpoint user locations, live-stream video feeds, and even manipulate home appliances. What had once been dismissed as academic theory is now a...

Akamai Technologies has patched a critical HTTP request smuggling vulnerability affecting its Ghost platform, after a coordinated disclosure with security researcher James Kettle of PortSwigger. The vulnerability, tracked as CVE-2025-32094, allowed attackers to inject a secondary HTTP request within...

A powerful new method of short-term covert command-and-control (C2) using mainstream web-conferencing services. Dubbed “Ghost Calls,” this technique repurposes real-time communication protocols—built for low-latency audio and video streaming—as a high-bandwidth, interactive C2 channel that seamlessly blends into an organization’s...

In a groundbreaking presentation at Black Hat USA 2025, security researcher Dirk-jan Mollema revealed a suite of advanced lateral movement techniques that exploit the hybrid trust model between on-premises Active Directory (AD) and Microsoft Entra ID. Despite recent hardening...

Nvidia this week reaffirmed its commitment to hardware integrity, categorically denying industry speculation that its GPUs contain secret “kill switches” or backdoors that would allow remote disabling or surveillance. In a statement posted on the company’s official blog, Nvidia...

A critical vulnerability in HTTP/1.1 protocol that exposes tens of millions of websites to hostile takeover through sophisticated desynchronization attacks. Despite six years of vendor mitigation efforts, PortSwigger's latest research demonstrates that HTTP/1.1 remains fundamentally insecure, with attackers consistently...