PhantomRPC is an architectural weakness in the Windows Remote Procedure Call (RPC) runtime that allows low-privileged processes to escalate to SYSTEM or Administrator by impersonating privileged clients. Disclosed by Kaspersky’s Haidar Kabibo at Black Hat Asia 2026, the flaw stems from how rpcrt4.dll handles connections to unavailable RPC servers: when a privileged process attempts an RPC call to a server
Category: Hacking and Exploits
Web-Hacking, 0-Day, Malware, Ransomware, Exploit, Vulnerabilities, Privilege-Flaw, Privilege-Escalation, Zero-Day, Exploit, Jailbreak, Penetration-Testing, Trojan, Spyware, Rootkit, Worm, Backdoor, Payload, Obfuscation, DDoS, Phishing, MITM, Spoofing, Brute-force, Port-Scan, SQLi, XSS, CSRF, Path-Traversal, LFI, RFI, Insecure-Deserialization, Buffer-Overflow, CVE, Exploit-Kit, Shellcode, bug bounty, ethical hacking, CTF, capture the flag, offensive security, red team exercise, exploit development, reverse engineering, vulnerability research, credential harvesting
CISA: Zimbra XSS (CVE-2025-48700) Now Exploited — 10,500+ Servers Vulnerable
Over 10,000 instances of the Zimbra Collaboration Suite are exposed online and remain vulnerable to an actively exploited cross-site scripting flaw, raising fresh alarms about email server security for governments and businesses alike. The vulnerability, tracked as CVE-2025-48700, is serious because it can be triggered without user interaction and has been confirmed as abused in the wild, prompting action from
Hackers Leverage Microsoft Teams to Breach Organizations: Inside UNC6692’s SNOW Campaign
In late 2025 and into early 2026, a sophisticated intrusion campaign used the everyday familiarity of Microsoft Teams to turn routine collaboration into a direct route for enterprise compromise. By posing as IT helpdesk staff and exploiting users’ trust in external Teams invitations, the threat group tracked as UNC6692 moved from a simple chat message to full domain-level access—without exploiting
109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware
A large-scale campaign recently uncovered shows how attackers abused the trust developers place in open-source hosting to distribute two dangerous malware families, SmartLoader and StealC. By cloning legitimate projects and burying malicious ZIP archives deep inside repository structures, the threat actor made harmful downloads look like routine releases. For many victims the repository looked authentic at a glance: real source
Google Cloud and Wiz Turn Defense Into an Agentic Response to AI-Powered Attacks
Attackers and defenders are now playing with the same toys: powerful AI models that can find and exploit zero-day vulnerabilities in hours. At Google Cloud Next ’26, Google and Wiz unveiled a set of AI-driven defenses designed to shrink the time between discovery and remediation — and to automate much of the manual work that has left security teams lagging
Lovable AI App Builder Reportedly Exposes Thousands of Projects’ Source Code and Customer Data
A critical Broken Object Level Authorization (BOLA) vulnerability in Lovable, an AI-powered app builder, has reportedly left thousands of legacy projects accessible to unauthorized users. According to security researchers, an API endpoint returned full project data — including source code, database credentials, AI chat histories, and customer information — for projects created before November 2025. While Lovable appears to have