From Descartes to The Matrix, the idea that reality might be a simulation has long fascinated and terrified humanity. Elon Musk recently argued that the simulation hypothesis is most likely true. But if that’s the case, might there be a way to escape back to the real world? Join leading computer scientist Roman Yampolskiy as he argues that if we are living in a simulation, we can also hack our way out of it.
Malicious actors have been observed exploiting a now-patched critical security flaw impacting Erlang/Open Telecom Platform (OTP) SSH as early as beginning of May 2025, with about 70% of detections originating from firewalls protecting operational technology (OT) networks.
The vulnerability in question is CVE-2025–32433 (CVSS score: 10.0), a missing authentication issue that could be abused by an attacker with network access to an Erlang/OTP SSH server to execute arbitrary code. It was patched in April 2025 with versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20.
Then in June 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
SafeBreach found four Windows DoS flaws via RPC and LDAP, enabling stealth DDoS botnets. Microsoft patched in 2025.
A recently fixed WinRAR vulnerability tracked as CVE-2025–8088 was exploited as a zero-day in phishing attacks to install the RomCom malware.
The flaw is a directory traversal vulnerability that was fixed in WinRAR 7.13, which allows specially crafted archives to extract files into a file path selected by the attacker.
“When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path,” reads the WinRAR 7.13 changelog.
Google is the latest company to suffer a data breach in an ongoing wave of Salesforce CRM data theft attacks conducted by the ShinyHunters extortion group.
In June, Google warned that a threat actor they classify as ‘UNC6040’ is targeting companies’ employees in voice phishing (vishing) social engineering attacks to breach Salesforce instances and download customer data. This data is then used to extort companies into paying a ransom to prevent the data from being leaked.
In a brief update to the article last night, Google said that it too fell victim to the same attack in June after one of its Salesforce CRM instances was breached and customer data was stolen.
ControlVault3 firmware vulnerabilities impacting over 100 Dell laptop models can allow attackers to bypass Windows login and install malware that persists across system reinstalls.
Dell ControlVault is a hardware-based security solution that stores passwords, biometric data, and security codes within firmware on a dedicated daughterboard, known as the Unified Security Hub (USH).
The five vulnerabilities, reported by Cisco’s Talos security division and dubbed “ReVault,” affect both the ControlVault3 firmware and its Windows application programming interfaces (APIs) across Dell’s business-focused Latitude and Precision laptop series.
