Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Qualcomm Snapdragon X2 Elite Extreme Review: New ASUS And HP Laptops Tested

Laptops powered by the Qualcomm Snapdragon X2 Elite go on sale soon and we've taken two machines for a spin through an array of benchmarks. - Page 2 ...
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...
NBC News

Interstellar object 3I/Atlas spotted passing by Mars in new images

NBC News' Gadi Schwartz talks to Harvard Professor Avi Loeb about the new images released of interstellar object 3I/Atlas as it passed by Mars and how the government ...