The AI Era Is Creating a Bug-Hunting Arms Race
…As security researcher Himanshu Anand wrote earlier this month, “The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world…
Dirty Frag Won't Be The Last Exploit
CopyFail Compromises The Last 9 Years Of Linux Distros
The First Exploit - Pwn2Own Documentary (Part 2)
The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1)
Another Linux Distro Dropped Deepin Desktop
This Linux Bug Gives Attackers Root
IPv8 Changes Everything We Know About IP
…In this day and age, when AI-powered security research has arguably made the standard 90-day disclosure-to-patch window completely obsolete, and both time-until-exploit and unused exploits are…
…Part of a deliberate campaign MiniPlasma is yet another Windows zero-day disclosure from Chaotic Eclipse in the past six weeks. The researcher started in April with BlueHammer, a Windows Defender local…
…While the exact circumstances that triggered this spree of exploit leaks are still unclear, Nightmare Eclipse previously said that these disclosures are in protest of how Microsoft's Security Response Center (MSRC…
https://securityaffairs.com/193128/security/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsofts-disclosure-process.html
This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
Disclosure: I work on Forkline, which maintains a fork of the retired Kubernetes ingress-nginx controller. NGINX published a security advisory for ngx_http_rewrite_module. The affected versions are NGINX Open Source belo…
TL;DR: If you are running NGINX Open Source below 1.30.1 or 1.31.0, you are affected by the current ngx_http_rewrite_module CVE batch. For Kubernetes ingress-nginx users this is especially relevant — the retired controll…
…However, Microsoft indicated that the vulnerabilities published by the security sleuth weren't shared with the company in advance, as highlighted in its Coordinated Vulnerability Disclosure (CVD) policy. Consequently, the company claimed…
The security researcher behind six Windows zero-day disclosures in six weeks has been removed from both GitHub and GitLab within days of each other and is now operating exclusively from a…
…This is based on Claude’s assessment of severity in the case of direct disclosures, and maintainers’ or our security partners’ assessment where available. There are a further 827 confirmed vulnerabilities (estimated…
…Resources AMD Product Security Outlines AMD approach to vulnerability management, coordinated disclosure, and enterprise risk mitigation. AMD Design Security Technology Covers AMD design security framework for adaptive SoCs and FPGAs, protecting IP…
…AM Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure. Administrators are urged to reserve time for…
…He also suggested that Anthropic "create a dedicated security advisory page where security advisories and vulnerability disclosures were published in a consistent way, to provide a way for consumers to understand the…