exploit - Softonic English

A security vulnerability in Microsoft opens the door to threats from China

A recent investigation has revealed that threat actors with links to China have exploited the security vulnerability ToolShell (CVE-2025-53770) in Microsoft SharePoint. This flaw, which was disclosed and patched in July 2025, allowed significant infiltrations in critical sectors, including a major telecommunications company in the Middle East and various government institutions in Africa and South America. A more serious problem than it seems According to the threat research team at Symantec of Broadcom, CVE-2025-53770, a now-corrected authentication bypass, was exploited by several Chinese cyber-espionage groups, notably Linen Typhoon, Violet […]

A recent investigation has revealed that threat actors with links to China have exploited the ToolShell security vulnerability (CVE-2025-53770) in Microsoft SharePoint. This flaw, which was disclosed and patched in July 2025, allowed significant infiltrations in critical sectors, including a major telecommunications company in the Middle East and various government institutions in Africa and South America.

A problem more serious than it seems

According to the threat research team at Symantec of Broadcom, CVE-2025-53770, a now-patched authentication bypass, was exploited by several Chinese cyber-espionage groups, notably Linen Typhoon, Violet Typhoon, and Storm-2603. These groups have been responsible for sophisticated and diversified attacks, using tools like Zingdoor, ShadowPad, and KrustyLoader to carry out their incursions.

The attacks were not restricted to a single sector, as incidents were reported at a university in the U.S., as well as a government agency in an African country and a financial agency in Europe. The multifaceted approach of these operations suggests a strategic interest on the part of threat actors in stealing credentials and establishing persistent and stealthy access to their victims’ networks.

Additionally, it has been documented that some of the attackers also used additional vulnerabilities and DLL side-loading techniques to deliver their malicious payloads. Among these techniques is the exploitation of CVE-2021-36942, an exploit known for its privilege escalation capability, which reinforces the sophistication of their approach.

The findings of the report suggest that, while there is an overlap in the types of victims and tools used, these activities have not been definitively attributed to a specific group. However, all evidence points to the fact that behind these operations are threat actors based in China.

Windows 11 DOWNLOAD

Battlefield 6 has a glitch that allows its players to fly, but EA is not amused by it

A new glitch in Battlefield 6 has generated a stir among players, allowing users to elevate themselves to great heights by getting on a reconnaissance drone and hitting it with a hammer. This exploit, which has been showcased in viral videos, not only results in a humorous appearance but also offers players a clear strategic advantage. From an elevated position, players can observe the chaos of the battle at their feet while shooting with sniper rifles, which adds a level of frustration for those below. It doesn’t sit well with some either

A new glitch in Battlefield 6 has caused a stir among players, allowing users to elevate themselves to great heights by getting on a reconnaissance drone and hitting it with a hammer. This exploit, which has been showcased in viral videos, not only results in a humorous appearance but also offers players a clear strategic advantage. From a high position, players can observe the chaos of the battle below while sniping with rifles, adding a level of frustration for those on the ground.

It doesn’t please some players much either

The functioning of the glitch is surprisingly simple: players just need to get on a teammate’s drone and hit it repeatedly, allowing them to ascend until they reach the map’s limits. This mechanic has raised concerns within the community, as the ability to shoot from the sky could destabilize the balance of the game. Many players believe that this type of exploit should be addressed immediately to maintain a fair and competitive experience.

It is anticipated that Electronic Arts (EA) will act quickly to fix this bug, which could limit its use among players. In fact, the company has taken drastic measures in the past, including a massive ban of cheaters in response to other exploits, such as the ladder glitch, which allowed excessive jumps. The fans’ reaction has been clear: they demand a fair gaming environment and have shown their discontent towards those who use these unethical methods.

With the Battlefield 6 community raising their voices, the future of this glitch, like other similar ones, is hanging by a thread, and many hope that EA will act before the imbalance becomes more entrenched in the game.

Steam DOWNLOAD

Discover a vulnerability in the architecture of Chrome and Google rewards him with 250,000 dollars

Google has awarded a historic reward of $250,000 to the security researcher known as Micky for discovering a critical vulnerability in the architecture of the Chrome browser. This vulnerability made it easier for malicious websites to escape Chrome’s sandbox protection, allowing arbitrary code execution on victims’ systems. A historic reward The flaw was due to an error in Chrome’s Inter-Process Communication system, particularly within the IPCZ transport mechanism. According to the details provided, the error was in the Transport::Deserialize function, where the system did not properly validate the header.destination_type parameters before […]

Google has awarded a historic reward of $250,000 to the security researcher known as Micky for discovering a critical vulnerability in the architecture of the Chrome browser. This vulnerability made it easier for malicious websites to escape Chrome’s sandbox protection, allowing arbitrary code execution on victims’ systems.

A historic reward

The failure was due to an error in Chrome’s Inter-Process Communication system, particularly within the IPCZ transport mechanism. According to the details provided, the error was in the Transport::Deserialize function, where the system did not adequately validate the header.destination_type parameters before creating transport objects. This allowed a malicious rendering process to manipulate this parameter to impersonate a privileged broker process.

The required attack vector was a multi-step process in which a compromised renderer sent manipulative messages to take control of the browser process resources. The proof of concept of the exploit demonstrated the ability to bypass the sandbox by duplicating handles of privileged browser processes, which included full permissions to execute system commands.

The decision to grant such a high reward reflects not only the sophistication of the exploit but also Google’s commitment to incentivizing security research, especially in critical areas of its browser. The vulnerability was responsibly disclosed on April 22, 2025, and Google’s security team, led by Alex Gough, implemented fixes in May 2025. These included the removal of transitive trust from transports and the implementation of stricter validation of the reliability of endpoints within the IPCZ system.

This event underscores the importance of collaboration between security researchers and technology companies to maintain the integrity and security of digital platforms.

Google DOWNLOAD

Google releases an update for Chrome that you need right now to protect your computer

Google has recently released updates to address six security issues in its Chrome browser, highlighting a critical vulnerability classified as CVE-2025-6558, which has already been exploited in the wild. This high-severity flaw has a CVSS score of 8.8 and is related to the improper validation of untrusted inputs in Chrome’s ANGLE and GPU components. A critical browser vulnerability The vulnerability allows a remote attacker to bypass the browser’s security restrictions through a malicious HTML page. This could compromise systems without the need for users to perform downloads or […]

A critical browser vulnerability

The vulnerability allows a remote attacker to bypass the browser’s security restrictions through a malicious HTML page. This could compromise systems without the need for users to perform downloads or additional interactions. The vulnerability was discovered by Clément Lecigne and Vlad Stolyarov from Google’s Threat Analysis Group on June 23, 2025, and is considered a particular risk, as it could result in a sandbox escape, granting access to low-level operations and potentially to the user’s systems.

Although Google has not revealed the exact nature of the attacks that exploit this vulnerability, it is acknowledged that an “exploit for CVE-2025-6558 exists in the wild,” suggesting the possibility of involvement from state actors. This announcement comes shortly after Google addressed another Chrome vulnerability (CVE-2025-6554) that also had a high potential for exploitation.

Since the beginning of the year, Google has fixed five critical vulnerabilities in Chrome that have been actively exploited or have been demonstrated as proof of concept. To protect against potential threats, users are advised to update their Chrome browser to versions 138.0.7204.157 and 138.0.7204.158 for Windows and macOS, and 138.0.7204.157 for Linux. Users of other Chromium-based browsers, such as Microsoft Edge and Brave, should also apply the available patches.

Google Chrome DOWNLOAD

An exploit in Diablo 4 brings witchcraft to the game, but not in the way its developers intended

The recent Season 7 of Diablo 4 has introduced new sorcery powers, highlighting the Decay Augmentation, a mechanic that, far from being just an addition, has become the epicenter of a controversial exploit among players. Since its release just over a week ago, this bug has allowed some players to inflict massive damage, reaching figures that exceed trillions. Using this power, players have managed to overcome the game’s most difficult content in record times. An exploit that makes it impossible to surpass the leaders on the leaderboards in the trials. Notable players like KerkyBoi […]

The recent Season 7 of Diablo 4 has introduced new sorcery powers, highlighting the Decay Augmentation, a mechanic that, far from being just an addition, has become the epicenter of a controversial exploit among players. Since its release just over a week ago, this bug has allowed some players to inflict massive damage, reaching figures that exceed trillions. Using this power, players have managed to overcome the game’s most difficult content in record times.

An exploit that makes it impossible to surpass the leaderboard leaders in trials

Outstanding players like KerkyBoi and Mekuna have recorded impressive performances on the leaderboards, with KerkyBoi achieving a time of 2:48 minutes in the most challenging task. Meanwhile, Mekuna secured a close second place with 6:27 minutes. “It’s like magic, everything explodes,” Mekuna comments, as he demonstrates the skill to exploit the bug almost nonchalantly. Although the technical mechanics are confusing, it is clear that the power is functioning in a non-traditional way, causing concern among the community of developers and players.

A spokesperson for Blizzard has stated that the development team is aware of the exploit and considers it a high priority to be fixed. Although the company has had a variable approach to resolving bugs and exploits in the past, sometimes fixing them quickly and other times waiting until a full season, the fact is that this situation has raised concerns about the game’s balance.

Season 7 not only brings new challenges, but also incorporates elements that many fans had been waiting for since the launch of Diablo 3. However, the controversy surrounding this exploit generates a debate about how Blizzard will address these types of issues in the future. Meanwhile, the community continues to explore these new powers, hoping that a solution will arrive soon.

Xbox Game Pass DOWNLOAD