Dirty Frag Won't Be The Last Exploit
CopyFail Compromises The Last 9 Years Of Linux Distros
The First Exploit - Pwn2Own Documentary (Part 2)
The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1)
Another Linux Distro Dropped Deepin Desktop
This Linux Bug Gives Attackers Root
IPv8 Changes Everything We Know About IP
…ultimately paid a $500 prize to the researchers for their disclosure. None of the vendors assigned CVEs or published public security advisories. Another bug-hunting team disclosed a design flaw baked into…
…AMD acknowledged the vulnerability following ETH Zurich's responsible disclosure in August 2025, assigned it CVE-2025-54510, and published security guidance under advisory AMD-SB-3034 when the embargo lifted in…
…vm/drop_caches; true" These disclosures follow recent reports that attackers are now actively exploiting the Copy Fail vulnerability in the wild. The Cybersecurity and Infrastructure Security Agency (CISA) added Copy Fail…
…The disclosures show how SpaceX took on new financial and reputational risks when it acquired Elon Musk’s artificial intelligence startup xAI in February, a deal which sent the rocket maker’s…
https://securityaffairs.com/193128/security/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsofts-disclosure-process.html
This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
Disclosure: I work on Forkline, which maintains a fork of the retired Kubernetes ingress-nginx controller. NGINX published a security advisory for ngx_http_rewrite_module. The affected versions are NGINX Open Source belo…
TL;DR: If you are running NGINX Open Source below 1.30.1 or 1.31.0, you are affected by the current ngx_http_rewrite_module CVE batch. For Kubernetes ingress-nginx users this is especially relevant — the retired controll…
…Over half of respondents believe that AI-assisted contributions should always require formal disclosure (such as an “AI-authored” tag). An additional 20% feel disclosure should be required in specific cases. This…
…Explore our GitLab Security and Governance Solutions and security scanning documentation to start strengthening your security posture today. More to explore Security Full security scanner coverage of your codebase in minutes Security…
…Meta says that this won't be the case for its incognito mode. "Your messages are processed in a secure environment that even Meta cannot access. Your conversations are not saved, and…
…AI-Driven Security Disclosures, NVIDIA Vera & Linux 7.1 Features That Made An Exciting May Servo 0.2 Released With Revamped Android Browser UI Rust Coreutils 0.9 Released With Additional Security…
…Securities and Exchange Commission (SEC) for $1.5 million over his delayed disclosure of a major stake in Twitter. 2 VIEW GALLERY - 2 IMAGES The agreement, reached without Musk admitting fault, marks…
CSO Lightning-fast exploits make it essential to patch fast, ask questions later Here's where you ought to spend your security billable hours budget this year Strengthen your MFA policies, double…