Tag: vulnerability disclosure
42 articles

Vulnerability Management Faces Patch Apocalypse Amid AI-Driven Discovery Surge
The AI-driven discovery surge is creating a perfect storm in vulnerability management, with nearly 48,000 CVEs published in 2025 alone, and a growing mismatch between rapid vulnerability discovery and slower human-led remediation. This has given rise to the "Patch Apocalypse," where the scale, speed, and exploitability of vulnerabilities are outpacing traditional patching approaches.

Anonymous Researcher Exploits 15 Software Products with Zero-Day Code Dump
A security bombshell has been dropped: an anonymous researcher has publicly shared exploit code for zero-day vulnerabilities in 15 software products, and hackers are already taking advantage of at least two of them. The alarming revelation has sent shockwaves through the cybersecurity community.

phpBB Fixes Decade-Old Auth Bypass Bug
A major vulnerability in phpBB has been uncovered, allowing attackers to bypass authentication and log in as any user, including administrators, with ease and no special knowledge required. This decade-old bug, exploitable in default configurations, has been patched - but only after researchers took steps to privately disclose the issue to prevent widespread exploitation.

Microsoft Unveils Record 200 Patches, Warns of Rising AI-Driven Flaws
Microsoft just dropped a record 200 security patches to fix critical flaws in Windows and supported software, with nearly three dozen vulnerabilities rated as critical and at least three already being exploited by hackers. This massive update signals a new normal in vulnerability disclosure, with AI-driven flaws on the rise.

Microsoft Revives Vulnerability Disclosure Debate with Researcher Crackdown
Microsoft is stirring up controversy in the vulnerability disclosure debate, clashing with a security researcher over the responsible handling of zero-day vulnerabilities. The tech giant's strong response, including threats of legal action, has sparked heated discussion on coordinated disclosure.

World Food Programme Breach Exposes 600k Gazan Family Records
A devastating data breach at the World Food Programme has left 600,000 vulnerable Gazan families exposed, with their personal records compromised - but thankfully, aid recipients have been assured that their support will continue uninterrupted.

Microsoft 365 Android Apps Expose Account Tokens Due to Debug Flag Oversight
A single line of code, "setIsDebugMode(true)," inadvertently left in multiple Microsoft 365 Android apps, created a gaping security hole that allowed other apps on the same phone to access sensitive account tokens without user permission. This tiny oversight, discovered by Enclave's Yanir Tsarimi and Ofek Levin, exposed users to potential security risks.

Microsoft Threatens Security Researcher Over Windows Exploits
A mysterious security researcher known as "Nightmare Eclipse" has unleashed a string of powerful Windows exploits, including one that can bypass BitLocker, leaving Microsoft scrambling to respond. The bold move has sparked a tense standoff between the researcher and the tech giant.

AI-Driven Exploitation Forces New Vulnerability Management Tactics
The threat landscape has changed: vulnerabilities are now being discovered, exploited, and weaponized in a matter of hours, leaving defenders scrambling to keep up. With AI-driven attacks accelerating, it's clear that traditional vulnerability management tactics just aren't fast enough.

ChatGPT Vulnerability Exposes Users to Phishing Attacks via Web Summaries
Beware of ChatGPhish, a vulnerability in ChatGPT's web summarization feature that lets hackers disguise phishing attacks as harmless links and images. This security flaw could put you at risk of falling prey to scams via web summaries.

Microsoft Faces Backlash Over Zero-Day Disclosure Feud
A researcher known as Nightmare Eclipse has unleashed a series of six Windows zero-day vulnerabilities, with working exploit code for at least three, and has threatened to release another on July 14, sparking a public feud with Microsoft. The ominous warning, which has left Microsoft speaking out against uncoordinated disclosures, has security experts on high alert.

Microsoft Opposes Public Zero-Day Disclosures, Cites Customer Risk
Microsoft is speaking out against public zero-day disclosures, warning that revealing vulnerabilities without prior notice can put customers at unnecessary risk. The tech giant is urging researchers to adopt Coordinated Vulnerability Disclosure, sharing findings with affected vendors before going public.

AI Model Exposes 10,000 High-Severity Flaws in Widely Used Software
In just one month, a cutting-edge AI model has uncovered a staggering 10,000 high-severity flaws in widely used software, thanks to Anthropic's innovative Project Glasswing initiative. This groundbreaking tool is already making waves in the cybersecurity world by detecting critical vulnerabilities in some of the world's most important software.

CISA Opens KEV Nominations to Bolster Vulnerability Intelligence
CISA is now accepting nominations for its Known Exploited Vulnerabilities catalog, empowering public reporting to strengthen the nation's cybersecurity posture by quickly identifying and mitigating exploited vulnerabilities. By submitting through the new KEV nomination form, you're helping to keep federal, private, and critical infrastructure networks safe.

NGINX Rift Attackers Exploit Exposed Servers Within Days of Disclosure
Malicious actors are already probing and exploiting a long-standing vulnerability in NGINX web server software, just days after its disclosure - highlighting the urgent need for organizations to update their systems and safeguard against cyber threats. This 18-year-old flaw has quickly become a prime target for attackers seeking unauthorized access to exposed servers.

Microsoft Disputes Azure Vulnerability Report, Silent Patch Issued
Security researcher Justin O'Leary claims a critical flaw in Azure Backup for AKS could let users with zero Kubernetes permissions gain full cluster administration, but Microsoft disputes the finding. The tech giant quietly issued a patch without acknowledging the vulnerability.

AWS Discloses Flaw in Quick Access Control
AWS swiftly addressed a security flaw in Quick Access, discovered by Fog Security, which could have allowed unauthorized users to bypass access controls, and fortunately, no customer data was compromised. The issue was resolved in March 2026, with no action required from customers.

BitLocker Zero-Day Exposes Windows Drives to Unauthorized Access
A security researcher, Chaotic Eclipse, has dropped a bombshell by releasing proof-of-concept code for two unpatched Windows vulnerabilities, citing frustration with Microsoft's handling of previous bug reports. This move exposes Windows drives to unauthorized access, even with TPM+PIN protection in place.

Microsoft Edge Exposes Saved Passwords in Plaintext
Microsoft Edge's password management has a concerning vulnerability: it loads all saved passwords into browser memory in plaintext at startup, making it easier for hackers to steal credentials on compromised systems. This is in stark contrast to other Chromium-based browsers like Google Chrome and Brave, which only decrypt passwords when needed.

Microsoft Edge Exposes Saved Passwords in Cleartext
Storing passwords in plain text poses a significant risk, especially in shared environments, as a security researcher recently discovered that Microsoft Edge saves decrypted credentials in its memory, making them vulnerable to exposure. This flaw allows saved passwords to be accessible even when they're not in use.

Defense Contractor Exposes Military Training Data Through API Flaw
A defense contractor's careless API flaw left sensitive military training data vulnerable, sparking a 152-day saga between the contractor and the open-source security project Strix that ultimately led to the exposure being patched. The breach was caused by a low-privilege account having broad access to user records and training materials due to lax authorization checks.

NCSC Warns of Impending AI-Driven Patch Surge
Get ready for a surge of software updates, warns the National Cyber Security Centre's CTO, as AI-driven patching is set to uncover and fix long-standing vulnerabilities across your tech stack. Prioritise your external attack surfaces and prepare for a "patch wave" to stay ahead of the threat.

CISA Warns of Data Theft Bug in NSA-Built OT Networking Tool
A critical vulnerability, CVE-2026-6807, has been discovered in an NSA-built networking tool that could allow hackers to steal sensitive information by exploiting an XML parsing weakness. If left unpatched, this flaw could lead to devastating data breaches.

Anthropic's Mythos Model Exposes Limited Capabilities
Anthropic's highly anticipated Mythos model, designed to proactively identify vulnerabilities, has been compromised - with a small group of individuals reportedly gaining unauthorized access to the preview through a third-party vendor environment. The incident has raised concerns about the model's limited capabilities to protect itself from exploitation.