Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
Football365

Arsenal ‘handed’ Premier League title by Everton ‘fraud’ after Gunners avoid VAR ‘travesty’

The Mailbox reckons the Premier League title ‘race is over’ after an Everton ‘fraud’ gifted the crown to Arsenal on Saturday evening. Also, VAR, referees and the Premier League product are criticised ...
The Sun

‘Hell of a spot’ – Southampton concede freak goal against Fulham but eagle-eyed referee rules it out over rule break

SOUTHAMPTON keeper Daniel Peretz was a relieved man after Fulham had a goal disallowed in their FA Cup tie because the ball was still rolling during his goal kick. Fulham thought they had taken the ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...