Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...

Air Canada CEO Michael Rousseau’s retirement advanced by a year after English-only video controversy

Montreal-based Air Canada is interviewing internal and external CEO candidates after announcing on Monday that Mr. Rousseau, ...

Anthropic accidentally exposed Claude Code source, raising security concerns

The exposure traces back to version 2.1.88 of the @anthropic-ai/claude-code package on npm, which was published with a 59.8MB ...

8 spring cleaning tips that will renew your love for reading

If you've been pulled toward your phone more than your books lately, you're not alone. According to a new nationwide survey ...

The U.S. will emerge from the war with Iran as a lesser power

What has changed is the quantum of American power, either in reality or perception. The Iran war has the makings of a ...

Google fixes fourth Chrome zero-day exploited in attacks in 2026

In 2025, Google fixed a total of eight zero-days exploited in the wild, many of which were discovered and reported by ...
NPR

NPR Corrections

A previous version of this story incorrectly said that NPR requested data on 287(g) agreements signed during the administration of President George H. W. Bush. In fact, the request was for data from ...