Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security researchers earned $385,750 after successfully demonstrating 15 unique zero-day vulnerabilities affecting products such as Windows 11, Microsoft Exchange, and Red Hat Enterprise Linux […]
 |
Just here to share a project I’m working on. It’s a 100% open source (hardware, firmware, mechanical, etc) USB drive with a hidden security feature. When you plug it in, it appears as a normal 8GB USB drive. Only if you create a file called “unlock.txt” with the contents “password:addyourpasswordhere” will it unlock and show the remainder of the drive. Everything in this second section of the disk is now AES256 encrypted in place, using a custom KDF + your password. I’ll answer some questions before people ask them 🙂 Q: Isn’t this just Vercrypt? A: No, a normal drive setup with veracrypt will show up as jumbled data. This is pretty obviously encrypted media. If you enter your duress password, there will still be another xMB of jumbled data. Q: Isn’t entering your password into a plain text file insecure. A: My drive doesn’t allow this write to actually happen to the memory Q: Why did you use a SD card A: Because AI made EMMC cards like 80$ for a 32GB. It takes two seconds for me to spin another board with EMMC in the future. Anyways feel free to ask any more questions about the project 🙂 ! submitted by /u/Machinehum |
Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange Server zero-day vulnerability tracked as CVE-2026-42897 (CVSS score 8.1). The vulnerability is an improper neutralization of input during web page generation (‘cross-site scripting’) in Microsoft Exchange […]
 |
Hey, The team behind the Proxmark3 RDV4 and Iceman firmware just launched the Proxmark5. It’s a major upgrade for RFID/NFC pentesting and research. Key upgrades:
It’s fully open source and built for serious hardware hacking. Simple product shot of the Iceman Edition:[Image attached — clean device photo] Campaign is live on Indiegogo if you’re interested: https://www.indiegogo.com/projects/rfidresearchgroup/proxmark5 Curious to hear what the community thinks especially anyone doing RFID / NFC / red teaming submitted by /u/iceman2001 |
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to the APT group FrostyNeighbor, aka Ghostwriter, active since at least March 2026, targeting Ukrainian governmental organizations. The campaign is similar to previous FrostyNeighbor’s campaigns. The threat […]
Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare-Eclipse, disclosed two new Windows zero-day vulnerabilities named YellowKey and GreenPlasma. The flaws affect BitLocker and the Windows Collaborative Translation Framework (CTFMON). YellowKey could allow attackers to bypass BitLocker protections, […]
Pwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting widely used technologies, including browsers, operating systems, AI platforms, and NVIDIA infrastructure. By the end of the day, researchers demonstrated 24 unique zero-day vulnerabilities […]
Will the HighBoy perform a single device rolljam attack? submitted by /u/rubberghost333 [link] [comments]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Catalyst SD-WAN, tracked as CVE-2026-20182 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Cisco fixed CVE-2026-20182, a flaw in SD-WAN control […]
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalation vulnerability named Fragnesia, tracked as CVE-2026-46300 (CVSS score of 7.8). The flaw affects the XFRM ESP-in-TCP subsystem and could allow local attackers to gain full root access […]
