More results...
After gaining attention from Neowin and DistroWatch last week, the sole maintainer behind AnduinOS 1.3 — a Linux distribution styled to resemble Windows 11 — decided to reveal himself. He turns out to be Anduin Xue, a Microsoft software engineer, who…
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.” About CVE-2025-27363 CVE-2025-27363 is an out of bounds write vul…
An anonymous reader quotes a report from Ars Technica: Google’s accelerated Android release cycle will soon deliver a new version of the software, and it might look quite different from what you’d expect. Amid rumors of a major UI overhaul, Google seem…
Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has been exploited in the wild. The company did not disclose any details regarding the attacks […]
Android’s May 2025 security update includes patches for an exploited vulnerability in the FreeType open source rendering engine.
The post Android Update Patches FreeType Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Chained exploitation through misconfigured web app and internal services. We started by exploiting a WordPress plugin vulnerability (CVE-2023-26326) to upload files, followed by a file read vulnerability (CVE-2024-2961) for remote code execution. From there, we cracked the database credentials, gained SSH access as the shawking user, and leveraged a vulnerable API endpoint to escalate to root. This highlights how overlooked configurations and service misconfigurations can lead to a full server compromise.
#CTF #PrivilegeEscalation #WebSecurity #CommandInjection #SSH #WordPress #LinuxPentesting #BugBounty #HackTheBox #RedTeam #CyberSecurity
The post HackTheBox – BigBang Machine Walkthrough (Hard Difficulty) appeared first on Threatninja.net.
The mobile threat landscape has shifted. According to Zimperium’s 2025 Global Mobile Threat Report, attackers are now prioritizing mobile devices over desktops. For enterprises, mobile is no longer a secondary risk. It’s now one of the primary at…
Google Play’s app marketplace has seen a dramatic 47% drop in available apps
— from 3.4 million to 1.8 million — since the start of 2024. An analysis by app intelligence provider Appfigures attributes the decline to stricter quality standards, expan…
LG will permanently shut down its Android smartphone update servers on June 30, 2025, ending all software, app, and security updates for its devices. If you’re still using an smartphone, you’ll want to install any remaining updates before that date, as…
Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, ta…