First-Ever 1- Click Android 17 Exploit Allows Attackers to Gain Full Control Over Your Android Phone
Source: https://t.co/yBgdracx7J
A full-chain exploit dubbed "IonStack" demonstrates how a single malicious URL click can hand attackers complete control over an Android device.
The proof-of-concept, described as the world's first public Android 17 root demo, chains two zero-day vulnerabilities spanning Firefox and the Linux kernel to achieve remote code execution and privilege escalation without further user interaction.
The exploit chain works by first compromising the Firefox renderer process through the browser flaw, then pivoting to the underlying Linux kernel (which powers Android) to break out of sandbox restrictions entirely.
#cybersecuritynews #android
⚠️ UPDATE: New Court Files Reveal How Microsoft Helped the FBI Identify Peter Stokes "Bouquet" (Scattered Spider Member)
The court files reveal that Microsoft helped the FBI track Peter Stokes down using GDID — a Global Device Identifier, which is assigned to every Windows installation and cannot be changed unless the OS is wiped. The GDID helped them track:
• IP history
• Full web activity
• Video game activity and games played
• Logged-in social accounts, including Snapchat, Facebook, and Apple
According to the court documents, the critical mistake was using a VPN to create the ngrok account used in the May 2025 Tiffany & Co. hack from the same Windows device associated with his GDID.
Although the account was created from a VPN IP address ending in .168, Microsoft records show that the same GDID (6755467234350028) accessed the ngrok signup page at the exact time the account was created, linking the hack to his personal social accounts.
It took a little longer than expected, but we have created a website for people to view the footage collected from Gaza in one place. You no longer have to download the entire archives to see them.
It includes:
64,537 videos
17,905 photos
Ability to download individual videos
Searchable index
Exhaustive sources list (300+ journalists)
Geolocation data
Livemap with minute to minute updates
Victim list
It can be accessed here: https://t.co/s0Se94PXWF
Please share & quote tweet to help this post break out of the twitter algorithm prison.
We will keep adding the rest of the archives to the site, be patient- it is difficult work. Continue to seed the torrents provided, as that is the best way to ensure the footage remains stored in decentalized way.
God bless all those who sacrificed their lives to get this footage out, and everyone invovled in collecting/archiving it.
Join our telegram:
https://t.co/bvcis3b9GT
Follow our backup accounts:
@ZionismExposedx & @IsraelExposedAr
Android 17 root
Full chain browser-to-kernel exploit with two 0-day vulnerabilities affecting Firefox before v151.0.2 (CVE-2026-10702)
Click on the link -> root Android
Discovered by @nebusecurity
PoC not available.
Info: https://t.co/1dmlWIsuyR
🚨 CHINA LE ROBÓ LA IA A ANTHROPIC.
Y lo hicieron durante 45 días seguidos.
Anthropic acaba de acusar a Alibaba de lanzar el mayor ataque de robo de IA de la historia.
El objetivo: extraer las capacidades de Claude… sin pagar ni un dólar.
Cómo lo hicieron:
→ Crearon casi 25.000 cuentas falsas
→ Ejecutaron 28,8 millones de conversaciones con Claude
→ Todo entre el 22 de abril y el 5 de junio de 2026
El método se llama “ataque de destilación”.
Básicamente: entrenan tu propio modelo… con las respuestas del modelo de tu competidor.
Anthropic tiene a Claude bloqueado en China.
Alibaba encontró la forma de saltárselo igualmente.
Y no fue solo Alibaba.
DeepSeek, Moonshot AI y MiniMax también están en la lista.
Anthropic ya envió una carta al Senado y a la Casa Blanca.
Piden medidas urgentes.
La guerra por la IA no es solo tecnológica.
Es una guerra de espionaje industrial.
Y acaba de hacerse pública.
Here goes nginx-quicburst (CVE-2026-42530), a new RCE in Nginx discovered by our security agent VEGA and demonstrated by Nebula Security.
This is only the third NGINX vulnerability since 2014 to receive NGINX’s “major” severity rating. If you use Nginx 1.31 with QUIC enabled, we recommend upgrading to the latest version.
This bug has been patched in the latest Nginx release. We will publish the technical writeup, including the ASLR bypass, on July 18 together with the previous nginx-poolslip writeup.
JUST IN: 🇺🇸 US government orders Anthropic to suspend foreign access to Mythos Fable 5 AI model, citing national security concerns.
Anthropic has disabled access for all users worldwide.
‼️🚨 Pwn2Own Berlin 2026 just hit a wall. For the first time in 19-years, ZDI rejected dozens of working zero-day RCE submissions because organizers ran out of contest slots.
Rejected hackers are now going public with PoC demos and direct vendor disclosures, breaking Pwn2Own's usual secrecy.
▪️ AI surfaces a massive wave of 0-day RCEs.
▪️ Submissions overwhelm ZDI past max capacity.
▪️ Slots run out. Researchers with working chains get rejected.
▪️ "Revenge disclosures" begin. ← we are here.
Confirmed casualties so far:
▪️ @xchglabs : 86 vulnerabilities prepared (PyTorch, NVIDIA, Linux KVM, Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp). All rejected. Now reporting directly to vendors with writeups dropping as patches land.
▪️ @ggwhyp : full-chain Firefox RCE on Windows. Rejected. Publicly demoed (HTML page → cmd.exe → calc.exe). Responsibly disclosed to Mozilla.
▪️ @yunsu_dev : working RCE chain, rejected. Submitting elsewhere.
▪️ @ryotkak : tried to register for 3+ weeks. ZDI confirmed "at maximum capacity, can't add extra contest days." Considered canceling flight and hotel.
▪️ @anzuukino2802 : Claude Code RCE PoC. Rejected.
▪️ @desckimh : 0-day RCEs in Ollama and LM Studio. Rejected.
Reported impact: a community-estimated 150+ researchers tried to register. Accepted contestants are now being warned about collisions. Rejected vulnerabilities going to bug bounty programs may trigger pre-event patches that invalidate the work of those who got in.
ZDI has not publicly addressed the capacity issue. The event still runs May 14-16 in Berlin.
‼️🚨 The official JDownloader website was breached, attackers swapped the Windows and Linux installers with malware for over a day before anyone noticed.
JDownloader is a popular download manager with millions of users on Windows, macOS, and Linux.
Timeline:
▪️ May 5, 23:55 UTC: attacker tests the method on a dummy page.
▪️ May 6, 00:01 UTC: real attack goes live. Alternative download links for Windows and Linux are replaced with malicious installers.
▪️ May 7: a Reddit user notices Windows SmartScreen flagging the installer with a strange publisher ("Zipline LLC", "The Water Team", "Peace Team") instead of "AppWork GmbH".
▪️ Hours later, the JDownloader dev team confirms the breach and takes the site offline.
How they got in: an unpatched vulnerability let attackers modify the website's access control list (ACL), give themselves edit rights, and swap the download links. No further details on the bug have been shared.
What's compromised:
▪️ Windows installer (alternative download links).
▪️ Linux shell installer (alternative download links).
What's safe:
▪️ macOS installers (still validly signed).
▪️ The core JDownloader.jar file.
▪️ Flatpak, Winget, and Snap packages (separate infra, sha256 checksums unchanged).
▪️ In-app auto-updates (separate servers, end-to-end signed).
If you downloaded JDownloader from the website between May 6 and May 7, treat your machine as compromised.
This is the third trusted-software website breach in recent weeks, after Daemon Tools and CPU-Z / HWMonitor.
This says a lot about the quality control of samsung starting with back glass peeling issue and green line. As a customer who paid a premium amount for this device I expected more. It is very sad to realise the situation that the company that I once admired has come to this state
@SamsungIndia The worst smartphone experience I've ever had in my life,this was my first brand new samsung smart phone which bought back inI paid around 97000 INR(~1025 USD) I was always been a samsung enthusiast from the galaxy S series and S series edge times and this happened:
Fast forward to today which is 5th May 2026, when I opened my phone in the evening, there it is the notorious green line creeping up in my screen so I thought it might be a random issue since the line was very thin I restarted my device but nope, now the line's much more thicker.
I bought my s23U back in December 2023 and was excited but that didn't lasted long as by the end of 2024, i noticed for no reason at all, the glue used for the back glass started to leak inside my phone case, and 2025 March it just popped off easily when i opened the case.