Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

This powerful Android tool lets me search anything on my screen fast - here's how

I can tap, scribble, or circle anything on my Android phone to learn more in seconds. It even identifies songs.

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Microsoft

Guidance for detecting, investigating, and defending against the Trivy supply chain compromise

Threat actors abused trusted Trivy distribution channels to inject credential‑stealing malware into CI/CD pipelines worldwide ...
World Bank

Digital Financial Inclusion

This summary is based on the G20 Global Partnership for Financial Inclusion (GPFI) Issues Paper produced by the Consultative Group to Assist the Poor (CGAP) and disseminated for the 2nd GPFI ...