60 stories tagged with #vulnerability, in publish-time order across the WeSearch catalog. Tag pages update as new stories ingest.
Platner’s Greatest Vulnerability Isn’t What You Think. It’s THIS — and Collins Must Use It ASAP
So how do you counterprogram an abusive Nazi weirdo extremist loser?…
Privacy token Zcash plunges after the disclosure of a 2022 vulnerability in its Orchard shielded pool that could have allowed undetectable ZEC counterfeiting (Akash Girimath/Decrypt)
Hands Free: What LLM Driven Vulnerability Research Looks Like
Anthropic's coordinated vulnerability disclosure dashboard
EU CRA mandatory vulnerability reporting enters into force September 11, 2026 — what the 24-hour obligation requires
Another bug hunter leaks Microsoft exploits in defiance of company’s handling of vulnerability disclosures
Researchers follow in Nightmare Eclipse’s footsteps, flipping off Redmond in favor of insta-leaks…
Genetic Diversity and Cyber Diversity: Why Monocultures Are Dangerous in Both Worlds
When I first learned about genetic diversity in biology, the idea felt simple: systems survive when...…
Romania wakes up to its vulnerability to Russian drones: 'We are theoretically in a country at peace, and this should not happen'
For the first time since Russia invaded Ukraine, a Russian drone struck a residential building in Romania on May 29, injuring two people. The incident, which occurred in the city o…
Microsoft reaches for olive branch after public dustup with 0-day researcher
Following days of criticism from the security community, Redmond dials back rhetoric, insists vulnerability hunters not in its legal crosshairs…
Microsoft threatens legal action against researcher Nightmare Eclipse for exploit disclosure
Microsoft threatens legal action against security researcher Nightmare Eclipse over zero-day exploit disclosures, raising concerns about chilling effects on crypto security researc…
PAN-OS added to KEV, Langflow exploit activity, and a surprising Windows EPSS jump — today's most actionable vulnerability signals [Threat Intel 2026/5/29]
Automate Kubernetes Image Vulnerability Scanning
Security in a cloud-native environment is only as strong as its weakest link. A recent security audit...…
Microsoft: Protecting customers through Coordinated Vulnerability Disclosure
CVE-Bench: testing LLM agents on real-world vulnerability patches
Benchmarking LLMs on real-world CVE patching…
No fix yet for critical RCE bug in open-source Git service Gogs - exploit module is out
Researcher reported the vuln in March. Maintainers haven't responded to his messages since…
Arm Metis with GPT5.5 Cyber scores 98% on firmware vulnerability benchmark
Arm Metis is an open-source agentic AI security framework that helps detect software vulnerabilities earlier.…
Glibc CVE-2026-5450 9.8
Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width gr…
Breaking macOS App Sandbox Data Containers, TCC, and Hijacking Apps
Until macOS 26.4, Archive Utility had nearly unrestricted filesystem access. Combined with a drag-and-drop sandbox quirk, this let an attacker bypass App Sandbox data containers, T…
Gitea CVE-2026-27771 exposed private container images without authentication
Gitea private container images were accessible to anyone on the internet, no credentials required, across healthcare, aerospace, and critical infrastructure worldwide.…
Atom Exhaustion Is Not a Footgun. It's One Third of Our CVEs
New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access
Show HN: CVE-2026-40369 Windows Kernel Arbitrary Write Chrome SBX
Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction
Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models (LLMs) show promise for automated vulnerability detec…
Starlette, an open-source Python framework underpinning FastAPI, has a vulnerability, called BadHost, that can allow hackers to bypass authorization (Dan Goodin/Ars Technica)
Worrying open-source security issue 'BadHost' could affect millions of AI agents, experts warn
The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.…
A One-Character Host Header Bug in Starlette Exposed AI Agents
One character. That's what it took to bypass authentication on millions of servers running AI agents, MCP tools, and the infrastructure connecting them to user data, email accounts…
A Flask Vulnerability Walkthrough
Machine Problem 3 Group Members: Deen, Ligero, Torres Web applications, even simple ones, can carry...…
What Happens When You Show Your Parents Your Debut Novel?
I gave my book to my partner before I gave it to my parents, figuring it was better to conquer one gut-churning fear at a time. I refused to watch him read it, but I was aware when…
Millions of AI agents imperiled by critical vulnerability in open source package
AI agents imperiled by critical vulnerability in open source package
"BadHost" was found in Starlette, a package with 325 million weekly downloads.…
Starlette vulnerability exposes millions of AI agents to hackers
A critical Starlette framework vulnerability threatens millions of AI agents, including crypto trading bots and DeFi tools built on FastAPI and Python.…
BadHost: One Char Bypasses Host-Based Security Across the Python AI Stack
Ghost CMS flaw hijacked to target hundreds of websites with ClickFix attacks — here's how to stay safe
A critical-level flaw in a popular CMS, patched months ago, is now being abused.…
The Business Context Problem: Why Vulnerability Severity Scores Lie
A critical vulnerability on an Alpine-based reverse proxy sitting behind three layers of network...…
Your Clean Domain Could Be Masking an Attack: The Underminr Vulnerability Explained
Your domain has a good reputation. It resolves to a CDN edge IP that firewalls and protective DNS...…
OWASP CVE Lite CLI
Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remed…
LLM Agents Are Now Finding Zero-Days: How AI is Autonomously Rewriting the Rules of Vulnerability Research
LLM Agents Are Now Finding Zero-Days: How AI is Autonomously Rewriting the Rules of...…
Login bypass vulnerability in Social Insurance, eCourt, and eHealth systems
A vulnerability allowing login to any user's account was present in over a dozen public administration systems, including ZUS and CEZ. Requirements? Internet access,…
Security Advisory for Cargo (CVE-2026-5222)
Empowering everyone to build reliable and efficient software.…
Trend Micro users beware - dangerous Apex One zero-day exploited in the wild
CISA has already added the flaw to its KEV database.…
StubZero: $148,337 RCE in Google Cloud Production
A chance Discord message, two missing pieces, and one hour before the window closed: From info leak to RCE on Google Cloud. Three months later, it happened again.…
I Benchmarked 17 ESLint Security Plugins. Only One Found Every Vulnerability.
I ran 40 real-world vulnerable patterns through every major ESLint security plugin — from eslint-plugin-security to SonarJS to Microsoft SDL. The detection gaps are alarming.…
Vulnerability report written by AI hacker agent
Our AI Hacker found this, fixed it, and then (bragged) wrote about it: one endpoint, leaking tech stack info, whispering all its secrets to anyone who knew how to listen!…
An npm Package for AI Agent Orchestration Just Shipped With Its Front Door Unlocked. Here's What the CVE Actually Reveals.
MCP ecosystem is growing fast enough that security researchers are now hunting it like any other...…
Vulnerability Spoiler Alert – Exposing Patches Before CVEs
AI-powered early warning for open-source security patches — before the CVE drops.…
Are Frontier LLMs Ready for Cybersecurity? Evidence for Vertical Foundation Models from Dual-Mode Vulnerability Benchmarks
We evaluate whether frontier LLMs are ready for cybersecurity through a dual-mode benchmark: white-box function-level vulnerability detection (VulnLLM-R, across C/Java/Python) and …
CMV: Showing vulnerability as man is disadvantageous a majority of time
Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign
A large-scale campaign is exploiting a critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS to inject malicious JavaScript code that triggers ClickFix attack flows.…
Balancing intimacy and solitude in the shadow of cancer
Breast cancer has not changed who I am. It has clarified who I’ve always been…
I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty
I was poking at a fintech’s mobile API and noticed something that made no sense. GET /v1/accounts returned 401. GET /v1/accounts/ returned...…
Local Root Privilege Escalation and Credential Disclosure in the Linux Kernel
The Qualys Threat Research Unit (TRU) has discovered and published the full advisory for CVE-2026-46333, a logic flaw in the Linux kernel’s __ptrace_may_access() function that perm…
How to continue when finding a possible Vulnerability but local law prohibits me from investigating further
Anthropic's coordinated vulnerability disclosure dashboard
I reproduced a Claude Code RCE. The bug pattern is everywhere
Last week, security researcher Joernchen published a clever RCE in Claude Code 2.1.118. I spent Saturday reproducing it from the advisory to understand the…
Why your vulnerability dashboard is lying to you (and how to fix it)
You open your vulnerability dashboard on a Monday morning and see 47 critical CVEs across 12 assets....…
Laravel Lang Compromised with RCE Backdoor Across 700 Versions
Laravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.…
Malicious Postinstall Hook Found in 700 GitHub Repos, Including Node Projects
Socket found a malicious postinstall hook across 700+ GitHub repos, including PHP packages on Packagist and Node.js project repositories.…
Another major Linux security flaw revealed — nine-year old issue could spell disaster for users
There was a way to elevate normal Linux users' privileges to root, granting threat actors admin access.…
'It's Nuts': Major PS5 Security Vulnerability Exposed, And We're All At Risk
Social engineering scam uncovered…