British security researcher gets invite-only Australian visa after reporting DFAT flaw
TL;DR Jacob Riggs, a 36-year-old British security researcher, was granted Australia's invite-only Subclass 858 National Innovation visa after a multi-stage…
PS5 ROM keys leaked — BootROM codes could ease future jailbreaking
TL;DR Hex strings reported to be PlayStation 5 ROM keys have surfaced, potentially giving researchers the hardware data needed to…
Heap-buffer-overflow in FFmpeg EXIF when writing extra IFD tags
TL;DR A four-byte heap-buffer-overflow was found in FFmpeg's EXIF handling during processing and reserialization of extra IFD tags. The issue…
Researchers disclose Airoha Bluetooth chip flaws that risk headphone takeover
TL;DR Security researchers found three vulnerabilities in Airoha Bluetooth audio chips that can let attackers take over headphones and potentially…
L1TF Reloaded: Researchers demonstrate VM-to-VM data leaks in public clouds
TL;DR A research team published an end-to-end exploit called L1TF Reloaded that chains L1 Terminal Fault (L1TF) with Half‑Spectre to…
Audit Shows ~50 Vulnerabilities Could Let Root Escape FreeBSD Jails
TL;DR A pair of researchers presented a 59-minute analysis of FreeBSD jails that identified roughly 50 kernel-level issues accessible from…
Escaping Containment — Security Analysis Reveals Jail Escape Paths in FreeBSD
TL;DR Researchers Ilja and Michael Smith audited FreeBSD's jail attack surface and identified roughly 50 vulnerabilities across multiple kernel subsystems.…
Holiday disruption: ‘MongoBleed’ zlib bug (CVE-2025-14847) in MongoDB now exploited
TL;DR CISA says a high-severity MongoDB Server flaw, CVE-2025-14847, is being actively exploited after proof-of-concept code surfaced over Christmas. The…
A Vulnerability in Libsodium: Ed25519 low-level point validation bug
TL;DR A flaw was found in libsodium's low-level function crypto_core_ed25519_is_valid_point that allowed some non–main-subgroup Ed25519 points to be accepted. The…
MongoDB Server Security Update, December 2025 — CVE-2025-14847 (Mongobleed) Response
TL;DR MongoDB’s security team discovered a vulnerability (CVE-2025-14847, nicknamed “Mongobleed”) on December 12, 2025 and issued patches across Atlas, Enterprise,…