HackingPassion.com : [email protected][~]

usbliter8 takes control of the iPhone XS and iPhone 11 before iOS even loads, and no update Apple ships can ever close it.

The flaw lives in the SecureROM, the first piece of code a device runs the moment it powers on. That code is burned into the chip at the factory and cannot be rewritten afterward. A device that gets hit stays explo...

FortiBleed Fortinet credential leak. Attackers can log into more than 80,000 corporate firewalls right now, and on 2,645 of them the password was 123456. The username on those devices was admin3, the password was 123456, and it opened full administrative access to the firewall that stands between a company network and the open internet.

These are not s...

A 27-year-old flaw in OpenBSD let attackers bypass its PPP login with nothing more than an empty username and an empty password. Hand a vulnerable system a blank name and a blank password, and its own login check treated that as a perfect match and let the connection in.

The problem sits in the part of OpenBSD that handles PPP<...

1.2 million WordPress sites were caught in a supply chain attack last week, where the admin’s own login quietly created a secret account and planted a hidden backdoor. It came in through plugins they trusted, OptinMonster, TrustPulse and PushEngage, and it only fired on the sites where an administrator was logged in.

Sansec found it on 13 June 2026. The poisoned script...

More than 400 packages in the Arch User Repository (AUR) were hijacked this week, and the attacker never broke into a single system to do it. They took over packages whose makers had walked away, then let people install the malware during a routine update they had no reason to question. 🐧

The AUR is the place where community members write and share the recipes for ins...