A critical SQL injection flaw (CVE-2025-54119, CVSS 10.0) in ADOdb’s SQLite3 driver allows arbitrary SQL execution via improperly escaped table names.

Amazon is reorganizing its audio division, integrating Wondery's narrative content into Audible and creating a new "Creator Services" team for celebrity-led podcasts.

Broadcom has shipped Jericho4, a new 3nm Ethernet router designed for distributed AI. It connects over a million XPUs across data centers with lossless, secure 3.2 Tbps HyperPorts.

Meta is reportedly in talks to acquire AI video startup Pika Labs, a move that would accelerate its push into generative AI and short-form video creation for its platforms.

Elon Musk's xAI has filed a trademark for “MacroHard,” a provocative jab at Microsoft. The move hints at a new multi-agent AI venture and reignites a simmering rivalry with Bill Gates.

Google's August 2025 Android Security Bulletin addresses a critical RCE flaw (CVE-2025-48530) in the core System component, which requires no user interaction for exploitation. Update now!

McAfee uncovers a new Android malware campaign targeting Indian users. The malware impersonates major banks to steal financial data and silently mines Monero in the background.

NVIDIA has patched multiple critical flaws (CVSS 9.8) in its Triton Inference Server. A vulnerability chain allows unauthenticated attackers to gain RCE and seize AI servers.

Cleafy uncovers PlayPraetor, a Chinese-speaking MaaS Android RAT that has infected 11,000+ devices, using real-time control via Accessibility Services to conduct on-device fraud.

APT36, a Pakistan-linked threat actor, is targeting Indian government officials with phishing campaigns that mimic official websites to harvest credentials and Kavach MFA OTPs in real time.

SentinelLABS and Beazley expose PXA Stealer, a Python-based infostealer campaign targeting 62 countries with stealthy DLL sideloading, decoy files, and Telegram-based data exfiltration.

Dell patched a critical flaw (CVE-2025-36594) in DD OS allowing unauthenticated remote auth bypass. DDSH CLI flaws (CVE-2025-30096-30099) also patched.

ThreatLabz reveals the evolution of Raspberry Robin malware, now featuring stronger encryption, complex obfuscation, and a new privilege escalation exploit to bypass detection.

Veracode warns of a North Korean cyber-espionage campaign using malicious NPM packages to spread Beavertail malware and steal crypto from developers via fake interview tasks.

A new report reveals Kimsuky, a North Korea-linked APT, is using sophisticated LNK files and reflective payloads to infiltrate systems and conduct cyberespionage against South Korean targets.

Huntress and other firms warn of a likely zero-day vulnerability in SonicWall VPNs. Attackers are bypassing MFA and deploying Akira ransomware within hours of initial access.

Before the tools come out, I like to get my hands dirty — and here’s why that matters.

Free Link 🎈

Ever tried to peek behind the curtain of a website? Maybe you’re curious how apps talk to each other. Or you keep hearing about “Burp…

How a Simple Payload Uncovered a Real Vulnerability on MTN’s Website

The buried aren’t always silent