vulnerability disclosure

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)

0-day, Don't miss, exploit, Hot stuff, Microsoft, Microsoft Defender, News, vulnerability disclosure /

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) 2026-06-17 at 14:26 By Zeljka Zorz Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.” The vulnerability, which has been assigned […]

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656) Read More »

Mythos Preview can weaponize N-day vulnerabilities in hours

Anthropic, cybersecurity, News, vulnerability disclosure /

Mythos Preview can weaponize N-day vulnerabilities in hours 2026-06-09 at 13:39 By Sinisa Markovic Mythos Preview can develop working exploits from newly disclosed software vulnerabilities in hours, cutting down a process that has historically taken days or weeks, according to Anthropic. Anthropic’s recent cybersecurity research has largely focused on zero-days, vulnerabilities unknown to software vendors.

Mythos Preview can weaponize N-day vulnerabilities in hours Read More »

Anthropic expands Project Glasswing to 150 organizations in more than 15 countries

AI, Anthropic, cybersecurity, News, RunSafe Security, vulnerability disclosure /

Anthropic expands Project Glasswing to 150 organizations in more than 15 countries 2026-06-03 at 11:23 By Sinisa Markovic Anthropic is expanding Project Glasswing, its cybersecurity initiative built around the Claude Mythos Preview model, by adding about 150 organizations following several weeks of work with its initial group of partners, security firms, open-source maintainers, and government

Anthropic expands Project Glasswing to 150 organizations in more than 15 countries Read More »

Anthropic: Claude Mythos identified 10,000+ software flaws

AI, Anthropic, Don't miss, News, open source, vulnerability disclosure /

Anthropic: Claude Mythos identified 10,000+ software flaws 2026-05-26 at 17:30 By Anamarija Pogorelec Anthropic and its Project Glasswing partners have identified more than 10,000 high- or critical-severity vulnerabilities in critical software systems, the company announced in an update on the project’s progress. Mythos identifies thousands of high-severity vulnerabilities In April 2026, Anthropic introduced Claude Mythos

Anthropic: Claude Mythos identified 10,000+ software flaws Read More »

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)

Don't miss, Hot stuff, Microsoft, Microsoft Defender, News, vulnerability, vulnerability disclosure, Windows /

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) 2026-05-21 at 14:22 By Zeljka Zorz Attackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploited Vulnerabilities catalog. The vulnerabilities CVE-2026-41091 allows for local privilege elevation (LPE), and is caused by the Microsoft Malware

Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498) Read More »

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector

AI, CISO, credentials, data breach, Don't miss, Hot stuff, News, phishing, Ransomware, report, social engineering, Verizon, vulnerability disclosure, vulnerability management /

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector 2026-05-20 at 17:16 By Zeljka Zorz Vulnerability exploitation has overtaken stolen credentials as the most common way attackers gain initial access to target networks, according to the 2026 Verizon Data Breach Investigations Report. This is the first time credential theft has been knocked off the

Verizon DBIR: Vulnerability exploitation is the dominant initial access vector Read More »

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585)

CVE, Don't miss, exploit, Hot stuff, Microsoft, News, PoC, vulnerability disclosure, Windows, Windows Server /

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) 2026-05-20 at 11:49 By Zeljka Zorz Microsoft is working on a fix for CVE-2026-45585 (aka “Yellowkey”), a vulnerability that can be used by attackers to bypass protections offered by BitLocker, the full-disk encryption feature built into Windows, and access users’ data. In the meantime, the company

Microsoft provides mitigation for “YellowKey” BitLocker bypass flaw (CVE-2026-45585) Read More »

AI is drowning software maintainers in junk security reports

AI, bug bounty, Don't miss, GitHub, Hot stuff, Linux, News, open source, vulnerability assessment, vulnerability disclosure /

AI is drowning software maintainers in junk security reports 2026-05-18 at 21:32 By Zeljka Zorz AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s

AI is drowning software maintainers in junk security reports Read More »

Amazon Quick authorization bypass let users reach blocked AI chat agents

AI, AWS, Don't miss, HackerOne, Hot stuff, News, vulnerability, vulnerability disclosure /

Amazon Quick authorization bypass let users reach blocked AI chat agents 2026-05-12 at 20:12 By Mirko Zorz Enterprises running Amazon Quick, the AWS business intelligence and agentic AI service, rely on a feature called custom permissions to restrict who inside an account can use AI chat agents. Fog Security founder Jason Kao discovered that those

Amazon Quick authorization bypass let users reach blocked AI chat agents Read More »

Linux developers weigh emergency “killswitch” for vulnerable kernel functions

cybersecurity, Don't miss, Hot stuff, Linux, News, operating system, system hardening, vulnerability disclosure, vulnerability management /

Linux developers weigh emergency “killswitch” for vulnerable kernel functions 2026-05-11 at 16:48 By Zeljka Zorz Linux kernel developers are reviewing a proposal for an emergency risk mitigation mechanism (“Killswitch”) that would allow administrators to disable vulnerable kernel functions at runtime. The proposal, submitted by Linux kernel developer/maintainer Sasha Levin, arrives in the wake of the

Linux developers weigh emergency “killswitch” for vulnerable kernel functions Read More »

Meta and PortSwigger drive offensive security further to find what others miss

bug bounty, Meta, News, PortSwigger, vulnerability disclosure /

Meta and PortSwigger drive offensive security further to find what others miss 2026-04-20 at 11:16 By Anamarija Pogorelec Meta Bug Bounty and PortSwigger have formed a partnership to help security researchers sharpen their skills, collaborate more closely, and improve vulnerability discovery. The initiative combines Meta’s bug bounty program with PortSwigger’s Burp Suite, reflecting a shared

Meta and PortSwigger drive offensive security further to find what others miss Read More »

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time

CISO, CVE, cyber resilience, cybersecurity, Don't miss, ENISA, EU, Europe, Features, Hot stuff, MITRE, News, opinion, vulnerability disclosure /

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time 2026-04-15 at 10:02 By Mirko Zorz In this Help Net Security interview, Nuno Rodrigues Carvalho, Head of Sector for Incident and Vulnerability Services at ENISA, discusses the recent CVE funding scare and what it exposed about the fragility of global vulnerability disclosure

Coordinated vulnerability disclosure is now an EU obligation, but cultural change takes time Read More »

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk

Don't miss, Google, News, Tenable, vulnerability, vulnerability disclosure /

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk 2026-02-04 at 13:25 By Help Net Security Researchers at Tenable have disclosed two vulnerabilities, collectively referred to as “LookOut,” affecting Google Looker. Because the business intelligence platform is deployed by more than 60,000 organizations in 195 countries, the flaws could give attackers a path

Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk Read More »

Tesla, Sony, and Alpine systems compromised on day one of Pwn2Own Automotive 2026

hacking contest, News, Pwn2Own, Trend Micro, vulnerability disclosure /

Tesla, Sony, and Alpine systems compromised on day one of Pwn2Own Automotive 2026 2026-01-22 at 13:11 By Sinisa Markovic Security researchers uncovered 37 previously unknown vulnerabilities on the opening day of Pwn2Own Automotive 2026, earning a combined $516,500 in prize money, according to results released by Trend Micro’s Zero Day Initiative. The Master of Pwn

Tesla, Sony, and Alpine systems compromised on day one of Pwn2Own Automotive 2026 Read More »

Why vulnerability reports stall inside shared hosting companies

cybersecurity, Don't miss, Features, Hot stuff, News, research, strategy, tips, vulnerability disclosure, vulnerability management /

Why vulnerability reports stall inside shared hosting companies 2025-12-17 at 09:24 By Mirko Zorz Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research

Why vulnerability reports stall inside shared hosting companies Read More »

What happens when vulnerability scores fall apart?

CVE, cybersecurity, News, open source, report, risk, software development, Sonatype, vulnerability disclosure /

What happens when vulnerability scores fall apart? 2025-11-24 at 07:54 By Anamarija Pogorelec Security leaders depend on vulnerability data to guide decisions, but the system supplying that data is struggling. An analysis from Sonatype shows that core vulnerability indexes no longer deliver the consistency or speed needed for the current software environment. A system that

What happens when vulnerability scores fall apart? Read More »

How to get better results from bug bounty programs without wasting money

Alta Associates, bug bounty, CISO, cybersecurity, Don't miss, Features, Google, Hot stuff, Intigriti, News, strategy, tips, UpCloud, vulnerability disclosure /

How to get better results from bug bounty programs without wasting money 2025-10-07 at 14:03 By Mirko Zorz The wrong bug bounty strategy can flood your team with low-value reports. The right one can surface critical vulnerabilities that would otherwise slip through. A new academic study based on Google’s Vulnerability Rewards Program (VRP) offers rare

How to get better results from bug bounty programs without wasting money Read More »

Ruckus network management solutions riddled with unpatched vulnerabilities

Carnegie Mellon University, Claroty, Don't miss, Hot stuff, networking, News, Ruckus Networks, vulnerability, vulnerability disclosure, wireless /

Ruckus network management solutions riddled with unpatched vulnerabilities 2025-07-10 at 15:52 By Zeljka Zorz Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the affected software, Carnegie Mellon University’s CERT Coordination Center (CERT/CC) has warned. The vulnerabilities have

Ruckus network management solutions riddled with unpatched vulnerabilities Read More »

Vulnerabilities found in NASA’s open source software

code analysis, Don't miss, Hot stuff, NASA, News, open source, ThreatLeap, vulnerability, vulnerability disclosure /

Vulnerabilities found in NASA’s open source software 2025-05-27 at 15:48 By Zeljka Zorz Vulnerabilities in open source software developed and used in-house by NASA could be exploited to breach their systems, claims Leon Juranić, security researcher and founder of cybersecurity startup ThreatLeap. The vulnerabilities Juranić, whose AppSec credentials include founding and leading DefenseCode, is no

Vulnerabilities found in NASA’s open source software Read More »

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664)

Chrome, CISA, Don't miss, Google, Hot stuff, Microsoft Edge, News, security update, vulnerability, vulnerability disclosure /

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) 2025-05-16 at 13:47 By Zeljka Zorz A high-severity Chrome vulnerability (CVE-2025-4664) that Google has fixed on Wednesday is being leveraged by attackers, CISA has confirmed by adding the flaw to its Known Exploited Vulnerabilities catalog. About CVE-2025-4664 CVE-2025-4664 stems from insufficient policy enforcement in Google

CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) Read More »

Scroll to Top