Skip to main content

Tag: vulnerability disclosure

42 articles

Analysts in a security operations center work together to respond to an incident on multiple monitors displaying code and…

Breach Exposes Anthropic's AI Model Vulnerability

A shocking security breach has exposed a vulnerability in Anthropic's advanced AI model, Mythos, allowing unauthorized users to gain access by simply changing a model name. This incident raises serious concerns about the safety and reliability of cutting-edge AI technology.

Analyst 207
Shattered padlock on cracked digital surface with error message and accusatory finger in background.

Lovable Disputes Data Leak, Shifts Blame to HackerOne

Lovable, a coding platform, is facing scrutiny after a security researcher uncovered a major data leak, exposing users' sensitive information, including credentials, chat history, and source code, to anyone with a free account. The company's shifting explanations have only added fuel to the fire, sparking concerns about its data handling practices.

Analyst 207
A figure in shadows holds a cracked smartphone in front of a ominous laptop screen with a warning symbol and cityscape…

CISA Pushes AI Firms to Join Vulnerability Disclosure Efforts

The Cybersecurity and Infrastructure Security Agency (CISA) is calling on AI companies to take a more active role in disclosing vulnerabilities, sparking a crucial conversation about who's responsible for revealing flaws in AI systems. By joining forces, CISA and AI firms can work together to strengthen vulnerability disclosure efforts and protect against potential threats.

Analyst 207
Vulnerability Enumeration: Exclusive Best Practice Unveiled

Vulnerability Enumeration: Exclusive Best Practice Unveiled

Who names a vulnerability shapes who fixes it. Dive into why the new GCVE challenges the decades-old CVE system and what that means for global vulnerability enumeration, patching speed, and trust.

Analyst 207
UK Report: Stunning liability rules could be costly

UK Report: Stunning liability rules could be costly

What if the software that runs hospitals, banks and supply chains could be held legally liable for every flaw? A new UK report urges clearer legal liability to force better security and faster fixes — but warns those protections could be costly, reshape markets and squeeze smaller vendors.

Analyst 207
Legal Restrictions on Vulnerability Disclosure Stunning Risk

Legal Restrictions on Vulnerability Disclosure Stunning Risk

Imagine signing a bug report and being legally silenced while a company quietly leaves a dangerous flaw unpatched — thats the unsettling new reality of vulnerability disclosure, where contracts can muzzled researchers and leave defenders blind.

Analyst 207
Fortinet Exclusive: Critical FortiWeb CVE-2025-58034

Fortinet Exclusive: Critical FortiWeb CVE-2025-58034

Exclusive: A critical FortiWeb vulnerability (CVE-2025-58034) has been disclosed — find out what it means for your environment and the quick steps to keep your systems protected.

Analyst 207
Dark cityscape with giant cracked smartphone screen hovering above skyscrapers, reflecting laptop screens below, with a…

Chrome Zero-Day Exclusive: Dangerous Mem3nt0 mori Attacks

A fresh Chrome zero-day is powering dangerous Mem3nt0 mori attacks. Learn how they work and what quick steps you can take to stay safe.

Analyst 207
firewall vulnerabilities: Exclusive Risky Flaws Exposed

firewall vulnerabilities: Exclusive Risky Flaws Exposed

Senator Cassidy has blasted Cisco with a pointed letter after critical firewall flaws were reportedly used to breach at least one federal agency, asking whether the vendor delayed disclosure or patches while networks stayed exposed. His probe spotlights urgent questions about vendor transparency, coordinated disclosure, and who’s accountable when core defenses fail.

Analyst 207
ArcGIS Server Stunning Risk: Backdoor Exposed

ArcGIS Server Stunning Risk: Backdoor Exposed

Think your network’s safe? Researchers say a China-linked group quietly turned an ArcGIS Server into a persistent backdoor for over a year, using it to move laterally and stash tools while going largely unnoticed. It’s a wake-up call to inventory exposed services, patch urgently, and add monitoring so hidden footholds don’t become strategic liabilities.

Analyst 207
Apple bug bounty: Stunning $5M Boost — Best Move

Apple bug bounty: Stunning $5M Boost — Best Move

Apple just doubled its top direct bug bounty and added bonuses that can push total payouts to $5M—a clear signal it’s serious about paying for the most dangerous fixes. That boost could speed patches, entice top researchers away from gray markets, and reshape how the industry rewards the people who keep our devices safe.

Analyst 207
token-handling flaw: Stunning Entra ID Risk Exposed

token-handling flaw: Stunning Entra ID Risk Exposed

A newly disclosed flaw in Microsoft’s Entra ID could have let attackers forge tokens to impersonate apps or users across many tenants — but quick action by Microsoft and a responsible researcher likely averted disaster. Now’s the time for organizations to harden token handling and tighten identity controls before the next flaw shows up.

Analyst 207
HexStrike AI: Stunning, Risky Weaponization Threat

HexStrike AI: Stunning, Risky Weaponization Threat

HexStrike AI — built to speed up red teaming — was reportedly repurposed by attackers to exploit newly disclosed Citrix flaws within days, a wake-up call that AI-driven automation can quickly turn defensive tools into potent offensive weapons and makes faster patching and hardened defenses essential.

Analyst 207
university affiliations: Risky Abuse Demands Must-Have Fix

university affiliations: Risky Abuse Demands Must-Have Fix

Censys warns that state-linked actors are exploiting academic credentials to disguise malicious internet-mapping, putting trusted research tools to dangerous use. That leaves platforms and universities walking a tightrope between protecting open science and stopping covert, state-backed abuse.

Analyst 207
bug bounty programs: Must-Have Best Practices

bug bounty programs: Must-Have Best Practices

Bug bounties can be brilliant — they turn curious outsiders into powerful allies who find and help fix real-world flaws before attackers do — but when programs are poorly scoped, underpaid, or legally hostile they breed frustration, public disclosures, and real risk. Get the incentives, triage, and policies right and they strengthen security; get them wrong and the results can be expensive, embarrassing, or downright ridiculous.

Analyst 207
exploit code Exclusive: Risky Leak Spurs Policy Shift

exploit code Exclusive: Risky Leak Spurs Policy Shift

After a SharePoint zero-day was weaponized, Microsoft quietly stopped sharing proof-of-concept exploit code with some Chinese firms — a pragmatic but politically fraught move that highlights the uneasy trade-off between helping defenders and giving attackers a roadmap. The incident makes clear we need faster patching, tighter disclosure controls, and better international norms to protect users without splintering cooperation.

Analyst 207
M365 Copilot Exclusive Risk Alert: Critical Silence

M365 Copilot Exclusive Risk Alert: Critical Silence

Imagine someone fixed a door in your house without telling you it was open—would you sleep easier? Microsoft’s quiet patch to an M365 Copilot security bypass, applied without a CVE or public advisory, has left IT teams scrambling for visibility, compliance proof, and clear guidance.

Analyst 207
Hard-Coded Credentials: Risky HPE Flaw — Must-Read

Hard-Coded Credentials: Risky HPE Flaw — Must-Read

HPE Instant On access points were found to contain unchangeable, hard‑coded credentials (CVE‑2025‑37103, CVSS 9.8), effectively creating a built‑in backdoor—if you manage these devices, inventory affected models, apply vendor patches, and lock down remote access now. This wake‑up call proves why secure‑by‑design firmware and rapid patching are nonnegotiable.

Analyst 207