Microsoft Confirms Active 0-Day Exploit—Check Emergency Mitigation

Microsoft Exchange users are urged to mitigate a zero-day vulnerability that CISA has confirmed is under active exploitation.
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Bleeping Computer

New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released

A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows ...
SecurityWeek

OWASP Incubator Project Helps Developers Find and Fix Vulnerable Dependencies in Seconds

CVE Lite CLI helps developers quickly identify and fix vulnerable npm dependencies during development, reducing delays and ...
Bitdefender

BitLocker zero-day exposes Windows drives as PoC goes public

A researcher has released proof-of-concept (PoC) exploit code for two unpatched Windows flaws, including a BitLocker bypass that can expose encrypted drives on affected systems. The BitLocker issue, ...
SecurityWeek

PoC Code Published for Critical NGINX Vulnerability

Introduced in 2008, the critical-severity security defect was patched this week in NGINX Plus and NGINX open source. Because the internal engine state changes between the two passes, if a rewrite ...
GitHub

02-poc-bench.py

OpenClaw on Jetson Orin Nano — PoC benchmark. Mimics the Jetson AI Lab endurance test but uses `openclaw infer model run` (one-shot inference) instead of `openclaw agent`, avoiding a session-takeover ...