Tag: software vulnerabilities
35 articles

Anonymous Researcher Exploits 15 Software Products with Zero-Day Code Dump
A security bombshell has been dropped: an anonymous researcher has publicly shared exploit code for zero-day vulnerabilities in 15 software products, and hackers are already taking advantage of at least two of them. The alarming revelation has sent shockwaves through the cybersecurity community.

OpenAI Unveils GPT-5.5-Cyber to Accelerate Vulnerability Patching
Meet GPT-5.5-Cyber, OpenAI's latest game-changer in vulnerability patching, designed to supercharge security teams by rapidly identifying and fixing software vulnerabilities in large codebases. This cutting-edge model is the strongest yet for finding and helping patch software vulnerabilities, accelerating discovery, validation, and remediation like never before.

Anthropic's AI Model Uncovers 10,000 Software Vulnerabilities
Anthropic's AI model has made a groundbreaking discovery, uncovering over 10,000 high- or critical-severity software vulnerabilities in just a month of testing. This game-changing technology is shifting the focus from detection to fixing these bugs, highlighting the need for increased human capacity to triage, report, and deploy patches.

AI Model Exposes 10,000 High-Severity Flaws in Widely Used Software
In just one month, a cutting-edge AI model has uncovered a staggering 10,000 high-severity flaws in widely used software, thanks to Anthropic's innovative Project Glasswing initiative. This groundbreaking tool is already making waves in the cybersecurity world by detecting critical vulnerabilities in some of the world's most important software.

Generative AI Exposes Software Vulnerabilities at Scale
Generative AI is rapidly advancing and can now efficiently uncover and exploit software vulnerabilities, prompting companies like Anthropic to carefully manage their powerful models. Anthropic's recent decision to limit access to its Claude Mythos Preview model to a select group of companies highlights the potential risks and costs associated with these cutting-edge AI systems.

AI-Powered Bug Hunts Disrupt Software Giants' Patch Cycles
Microsoft just dropped a massive batch of software updates to fix 118 security vulnerabilities, including 16 critical flaws that could let hackers take control of your system. For the first time in nearly two years, none of these patches are for emergency zero-day flaws that were already being exploited.

vm2 Library Vulnerabilities Enable Sandbox Escape and Code Execution
A dozen critical vulnerabilities in the vm2 Node.js library can be exploited by hackers to break free from sandbox restrictions and run malicious code on vulnerable systems. This serious security flaw has been assigned high CVSS scores, emphasizing the urgent need for users to patch their systems.

Anthropic Exposes Tens of Thousands of Unpatched Flaws in Software Platforms
Tens of thousands of unpatched software flaws are lurking in the shadows, threatening cybersecurity, after Anthropic's AI tool Mythos uncovered nearly 300 vulnerabilities in Firefox alone. This astonishing discovery highlights the urgent need for rapid action to address the alarming gap in software security.

Anthropic Unveils Claude Security for AI-Powered Vulnerability Scanning
Boost your organization's security with Claude Security, now in public beta, which scans codebases to detect and fix software vulnerabilities with just a few clicks. Say goodbye to tedious API integrations and custom agent builds - simply access the feature from the Claude.ai sidebar and start scanning today!

AI Vendors Downplay Role in Security Vulnerabilities
AI vendors are caught in a contradictory spin cycle, urging companies to rely on AI to combat threats while downplaying security flaws, leaving customers wondering who's truly responsible for safeguarding their systems. When vulnerabilities arise, these vendors often claim it's simply their AI working as intended - a response that only fuels concerns about their maturity and accountability.

AI Models Accelerate Vulnerability Discovery, Pressing Defenders to Adapt
The double-edged sword of AI: while it's being used to help developers, it's also become a powerful tool for attackers to rapidly discover and exploit software flaws, forcing defenders to scramble to keep up. As AI-powered vulnerability discovery accelerates, the pressure is on for defenders to adapt and harden legacy systems before it's too late.

Anthropic Deploys AI to Autonomously Fix Software Vulnerabilities
Imagine an AI that can proactively hunt down and fix hidden software vulnerabilities in critical systems before hackers can exploit them - Anthropic's new Project Glasswing is making this a reality with its cutting-edge AI model, Claude Mythos Preview. This groundbreaking initiative has the potential to revolutionize cybersecurity, but also raises intriguing questions about its capabilities and implications.

Tech Giants Unveil AI-Powered Project to Fortify Software Defenses
Major tech players have joined forces to launch Project Glasswing, an AI-powered initiative that uses machine learning to identify and patch critical software vulnerabilities before malicious actors can exploit them. This game-changing project aims to stay one step ahead of attackers by harnessing the same AI technology that can be used for defense - and turning it into a powerful force for good.

AIs Reveal Stunning, Dangerous Security Flaws
Advanced AIs are no longer just suggesting fixes—they’re finding, crafting exploits for, and chaining real-world software vulnerabilities with off-the-shelf tools, even reproducing Equifax-style breaches in simulations. Patch quickly: basic hygiene is now the best defense as automating attacks gets faster and more capable.

Apple bug bounty: Stunning $5M Boost — Best Move
Apple just doubled its top direct bug bounty and added bonuses that can push total payouts to $5M—a clear signal it’s serious about paying for the most dangerous fixes. That boost could speed patches, entice top researchers away from gray markets, and reshape how the industry rewards the people who keep our devices safe.

AI Vulnerability Reward Program: Exclusive $30K Best Win
Google’s new AI Vulnerability Reward Program offers up to $30,000 to researchers who responsibly report model flaws — a smart, practical move to incentivize fixes, curb abuse, and make AI safer for everyone.

Oracle E-Business Suite Risky: Must-Have Breach Guide
Google’s Threat Analysis Group says the Clop ransomware gang accessed a large volume of data from Oracle E-Business Suite — a wake-up call for any org that hasn’t checked who holds the keys to its crown jewels. Now’s the time to hunt for shadow EBS instances, tighten access, and patch or segment vulnerable systems before attackers turn stolen data into extortion.

Ascension ransomware: Exclusive Risky Threat Exposed
Senator Ron Wyden has asked the FTC to probe whether Microsoft’s security practices and disclosure timelines helped enable the ransomware attack on Ascension, raising a pointed question: are the companies that power our hospitals and utilities doing enough—or profiting from insecurity? This probe could reshape how regulators hold tech vendors accountable for failures that put patients and critical services at risk.

public disclosure: Exclusive Best Guide to Safer AI
The UK’s NCSC is pushing to adapt trusted vulnerability-disclosure programs to AI so researchers have a clear, safe route to report model-bypass tricks and give developers time to fix harms before details leak. If adopted, this pragmatic step could speed fixes, boost accountability, and make powerful models harder to weaponize while policy and tech catch up.

Comment Now on Draft SP 800-53 Controls for Secure Patches
Join the conversation on NISTs draft updates to SP 800-53 and discover how these new guidelines can transform your approach to securing software patches—because safeguarding your systems has never been more crucial!

Why LLMs Struggle with Vulnerability Discovery and Exploitation
Can AI really crack the code on hidden software flaws, or is it still missing the mark in the high-stakes game of cybersecurity? Discover why even the smartest language models struggle to spot and exploit vulnerabilities where human insight still reigns supreme.

CVE Program Introduces Two New Forums to Boost CVE Usage
CVE Program launches two new forums to enhance collaboration and promote the adoption of CVE identifiers in cybersecurity practices.

NSA and CISA Advocate for the Use of Memory Safe Programming Languages for Enhanced Security
NSA and CISA urge the adoption of memory safe programming languages to bolster software security and reduce vulnerabilities in critical systems.

ISMG Editors: Supply Chain Attacks Are Spiking – Here’s Why
ISMG Editors report a surge in supply chain attacks—exploring the causes and cybersecurity implications driving this alarming trend.