CVE-2025-31277 Inside the JavaScriptCore JIT Vulnerability That Opened iPhones to DarkSword

Executive Summary CVE-2025-31277 is a JIT type confusion / use-after-free memory corruption vulnerability in JavaScriptCore — the JavaScript engine that powers Apple’s Safari browser and WebKit ru...

Mar 21, 2026 security

DarkSword The Six-Stage iOS Exploit Kit Used by States, Spies, and Surveillance Vendors

Executive Summary DarkSword is the most sophisticated publicly documented iOS exploit kit to date — a fully weaponized, JavaScript-based full-chain exploit framework that compromises any iPhone ru...

Mar 21, 2026 security

CVE-2026-20131 CVSS 10.0 Cisco Firewall Management Center Zero-Day Exploited by Interlock Ransomware

Executive Summary CVE-2026-20131 is a CVSS 10.0 Critical Remote Code Execution vulnerability in Cisco Secure Firewall Management Center (FMC) Software — the centralized management platform control...

Mar 20, 2026 security

CVE-2026-20963 Microsoft SharePoint Deserialization RCE - Technical Deep Dive

Executive Summary CVE-2026-20963 is a high-severity Remote Code Execution (RCE) vulnerability in Microsoft Office SharePoint, rooted in the insecure deserialization of untrusted data (CWE-502). Pu...

Mar 19, 2026 security

CVE-2025-68613 n8n Expression Injection - When Your Automation Hub Becomes a Master Key

Executive Summary CVE-2025-68613 is a critical Remote Code Execution (RCE) vulnerability in n8n, one of the world’s most widely used open-source workflow automation platforms. The flaw resides in ...