April 17, 2025
This is unhinged, and hilarious.
Story live: CISA extends MITRE-backed CVE contract hours before its lapse https://t.co/djgU2FMkCM
— David DiMolfetta (@ddimolfetta) April 16, 2025
How I Got Hacked: A Warning about Malicious PoCs - @Chocapikk_ https://t.co/SBlcmmWa7H
— Swissky (@pentest_swissky) April 15, 2025
I just hacked multiple @lovable_dev 'top launched' sites
— Danial Asaria (@danialasaria) April 14, 2025
Wait—what?
In less time than it took me to finish my lunch (47 mins), I extracted from live production apps:
💰Personal debt amounts
🏠Home Addresses
🗝️API keys (admin access)
🔥Spicy Prompts
Screenshots in thread…
https://antirez.com/news/150
Recently I was targeted by an extremely sophisticated phishing attack, and I want to highlight it here. It exploits a vulnerability in Google's infrastructure, and given their refusal to fix it, we're likely to see it a lot more. Here's the email I got: pic.twitter.com/tScmxj3um6
— nick.eth (@nicksdjohnson) April 16, 2025
🍏iOS 18.4.1 dropped fixing a CoreAudio memory corruption and PAC bypass stating “that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS.” https://t.co/2cQFQM6rGF
— Alex Plaskett (@alexjplaskett) April 16, 2025
Some rather neat (worrisome?) bugs patched in macOS 15.4.1 that appear to have been exploited in the wild! 👀 https://t.co/MjKnrDU9qt pic.twitter.com/iK6Gh9u2VF
— Patrick Wardle (@patrickwardle) April 16, 2025
Chris Krebs Exits SentinelOne After Security Clearance Pulled - https://t.co/6LFavylFD8
— SecurityWeek (@SecurityWeek) April 16, 2025
Lock in, fellas. The B2B SaaS market just got a whole lot bigger. pic.twitter.com/GpkxLrRJhw
— Kyle Harrison (@kwharrison13) April 17, 2025
Sharing our slides for Blackhat Asia 2025 and NDSS 2025: https://t.co/jKUpwiHzlQ
— zhiniang peng (@edwardzpeng) April 17, 2025
Oh come the f***🤬 on. You gotta be kidding.
— Brian in Pittsburgh (@arekfurt) April 17, 2025
If an attacker can get a user to click a bloody WebEx meeting invite link they can compromise the user's device. Because version 44.6 of WebEx stopped validating meeting invite links content properly. https://t.co/Ect7l98ktf pic.twitter.com/6HCAQmW5RD
Experts Uncover Four New Privilege Escalation Flaws in Windows Task Scheduler https://t.co/PKwSQujfIp
— Nicolas Krassas (@Dinosn) April 17, 2025
I admit I'm somewhat guilty of this, but I believe my CVE quality has improved over time (spoiler: not entirely 🤡).
— Pedro Ribeiro (@pedrib1337) April 17, 2025
CVE value has clearly declined over the years, with CVE IDs handed out freely to non-issues. The Linux kernel receiving numerous CVEs monthly for issues with zero… https://t.co/FtatajoXws