Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Cloudflare previews 'EmDash' – an AI-driven rebuild of WordPress in TypeScript

The world's most popular CMS has been remade with the help of AI. Cloudflare has released EmDash version 0.1, described as a ...

Google says North Korean hackers behind major attack on Axios

North Korean hackers used an updated version of a known backdoor to target a popular npm package.
Opinion

Mozilla introduces cq, describing it as 'Stack Overflow for agents'

Mozilla is building cq - described by staff engineer Peter Wilson as "Stack Overflow for agents" - as an open source project to enable AI agents to discover and share collective knowledge.