< ciso
brief />
Tag Banner

All news with #exploit tag

22 articles · page 2 of 2

Researchers Warn RondoDox Botnet Expands Exploitation

🔍 Trend Micro warns that RondoDox botnet campaigns have significantly expanded their targeting, exploiting more than 50 vulnerabilities across over 30 vendors to compromise routers, DVR/NVR systems, CCTV devices, web servers and other networked infrastructure. First observed by Trend Micro on June 15, 2025 via exploitation of CVE-2023-1389, and first documented by Fortinet FortiGuard Labs in July 2025, the threat now leverages a loader-as-a-service model that co-packages RondoDox with Mirai/Morte payloads, accelerating automated, multivector intrusions. The campaign includes 56 tracked flaws—18 without CVEs—spanning major vendors and underscores urgent detection and remediation needs.
read more →

Apple Adds Always-On Memory Integrity Enforcement Feature

🔒 Apple has introduced Memory Integrity Enforcement in the iPhone 17, a hardware-aware, always-on defense against memory-safety exploits used by spyware like Pegasus. Building on Arm’s MTE and its 2022 Enhanced Memory Tagging Extension, Apple’s implementation tags allocations with secrets and verifies them on every access. The company says the protection runs continuously without noticeable performance loss. Apple collaborated with Arm and tuned the chip-level design to make exploitation of memory-corruption bugs significantly harder while preserving compatibility with existing code.
read more →