This Linux Bug Gives Attackers Root
A Vulnerability to Hack The World - CVE-2023-4863
AI Is Hacking Everything Now...
732 bytes of Python just borked every Linux machine on earth…
Sorry Windows 10 Users...
My theory on how the webp 0day was discovered #short
My theory on how the webp 0day was discovered (BLASTPASS)
An initiative to secure the world's software | Project Glasswing
Ubuntu under attack, Big flaw affects all Linux distros, Linux beats Windows - Linux Weekly News
…Researcher Kevin Beaumont noted that exploitation requires a vulnerable NGINX configuration using particular rewrite patterns, the attacker must know or discover the affected endpoint, and the published RCE PoC was tested with…
…CISA added them to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their Windows endpoints and servers within two weeks, by June 3, as…
…On Friday, Belgium's national cybersecurity authority (CCB) warned that attackers are now actively exploiting the CVE-2026-41089 security flaw in the wild and urged admins to immediately patch vulnerable servers…
…previously unknown vulnerabilities that attackers were already exploiting before the patches landed. The bugs, tracked as CVE-2026-3909 and CVE-2026-3910, affect core components of the browser and have prompted…
Head over to Netomize's blog to learn about how we detect the exploitation of the CrushFTP Vulnerability (CVE-2025-31161) with PacketSmith's Yara detection module, using the newly introduced track_state and flow_state ke…
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …
This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…
On May 7, Hyunwoo Kim (V4bel) disclosed Dirty Frag — two Linux kernel vulnerabilities (CVE-2026-43284 and CVE-2026-43500) that give unprivileged users deterministic root on most Linux distributions shipped since 2017. Mi…
…CopyFail and Dirty Frag root-gaining vulnerabilities, and things aren't much rosier at Microsoft, thanks to the YellowKey BitLocker bypass, as well as GreenPlasma and RedSun privilege-gaining exploits. Now, it…
…The researchers found that the attacker tried to deploy a Cobalt Strike beacon, a post-exploitation framework for command-and-control (C2) communication, and a vulnerable driver, likely to disable endpoint protection…
…In addition to Windows and Office, Microsoft's cloud services are affected. One Office vulnerability is already being exploited in the wild, while one exploit for a vulnerability in Defender was known…
…On January 12, CISA confirmed Wiz's report that the CVE-2025-8110 was under active exploitation and added the security flaw to its catalog of vulnerabilities exploited in the wild, ordering…
…Researchers at WordPress security company Defiant observed that threat actors are trying to exploit the vulnerability, and blocked more than 3,600 attempts over the past 24 hours. “When the request is…
…In addition to Windows and Office, Microsoft's cloud services were also affected. So far, none of the vulnerabilities have been exploited for attacks in the wild. Microsoft classifies eight of them…