Saturday, April 25, 2026
Uncategorized

Gemini Prompt Injection Exploit Leaks Email, Location & Video Data

A simple Google Calendar invitation can be weaponized to hijack Gemini-powered assistants—enabling attackers to harvest email content, pinpoint user locations, live-stream video feeds, and even manipulate home appliances. What had once been dismissed as academic theory is now a practical threat against everyday users....

Akamai Ghost Platform Vulnerability Allows HTTP Request Smuggling via Request Body

Akamai Technologies has patched a critical HTTP request smuggling vulnerability affecting its Ghost platform, after a coordinated disclosure with security researcher James Kettle of PortSwigger. The vulnerability, tracked as CVE-2025-32094, allowed attackers to inject a secondary HTTP request within the body of an initial...

Ghost Calls Exploit Web Conferencing for Stealthy Command & Control

A powerful new method of short-term covert command-and-control (C2) uses mainstream web-conferencing services. Dubbed “Ghost Calls,” this technique repurposes real-time communication protocols, built for low-latency audio and video streaming, as a high-bandwidth, interactive C2 channel that seamlessly blends into an organization’s normal network traffic. At Black...

Advanced AD Lateral Movement Tactics Enabling Stealth and Exfiltration

In a groundbreaking presentation at Black Hat USA 2025, security researcher Dirk-jan Mollema revealed a suite of advanced lateral movement techniques that exploit the hybrid trust model between on-premises Active Directory (AD) and Microsoft Entra ID. Despite recent hardening efforts, these techniques demonstrate that...

Nvidia Assures: Chips Are Free of Backdoors, Kill Switches, and Spyware

Nvidia this week reaffirmed its commitment to hardware integrity, categorically denying industry speculation that its GPUs contain secret “kill switches” or backdoors that would allow remote disabling or surveillance. In a statement posted on the company’s official blog, Nvidia executives emphasized that introducing single...

Critical HTTP/1.1 Vulnerability Puts Millions of Websites at Risk of Takeover

A critical vulnerability in the HTTP/1.1 protocol exposes tens of millions of websites to hostile takeover through sophisticated desynchronization attacks. Despite six years of vendor mitigation efforts, PortSwigger's latest research demonstrates that HTTP/1.1 remains fundamentally insecure, with attackers consistently bypassing deployed protections. The vulnerability...