Oracle urges customers to patch an E-Business Suite vulnerability that cybercriminals are exploiting; Google's Mandiant says the Clop hacking group exploited it
AWAITING ANALYSIS — This CVE record has been marked for NVD enrichment efforts. CrowdStrike : CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracke...
A security researcher details how he discovered a zero-day vulnerability in the Linux kernel's SMB implementation by analyzing the code using OpenAI's o3 API
Now finding a Linux kernel-level zero day is as simple as knowing how to prompt. sean.heelan.io/2025/05/22/h... @davidcrespo : key detail in this very good post about finding a novel vuln with LLMs: e...
Researchers say a Next.js flaw that existed for several years could have let hackers bypass middleware-based authentication; Vercel patched the flaw on March 18
Next.js version 15.2.3 has been released to address a security vulnerability (CVE-2025-29927). zhero_web_security : Next.js and the corrupt middleware: the authorizing artifact National Vulnerability ...
A look at the 25-year-old CVE program, which assigns unique IDs to security flaws; 413 orgs report CVEs, with 40K+ reported in 2024, pushing the total to 270K+
this time for Cyberscoop—that examines the CVE system and how well it has weathered challenges over the past 25 years. — cyberscoop.com/cve-program-...
Researchers: when given 15 CVE descriptions, GPT-4 autonomously exploited 87% of the “one-day” vulnerabilities, compared to 0% for every other model tested
Researchers: when given 15 CVE descriptions, GPT-4 autonomously exploited 87% of the vulnerabilities, compared to 0% for every other model tested
While some other LLMs appear to flat-out suck — AI agents, which combine large language models with automation software …
Apple fixed an old bug exposing a device's real MAC address to nearby wireless routers even when Private Wi-Fi Address is enabled, including in Lockdown Mode
@dangoodin — https://arstechnica.com/... X: @mysk_co : The bug addressed in iOS 17.1 is about hiding the device's MAC address from joined networks, a privacy feature introduced in iOS 14. This shoul...
Analysis: tweets about CVEs, which peaked before Elon Musk took over, show a steep decline in recent months, suggesting the infosec Twitter community has shrunk
https://www.cyentia.com/... Eduardo Cuducos / @cuducos.me : So long Infosec Twitter https://www.cyentia.com/... Mastodon: Dr. Juande Santander-Vela / @juandesant@astrodon.social : @Techmeme they might...
Unit 42: hackers typically scan for vulnerabilities within 15 minutes of a new CVE disclosure; the first active exploitation attempts are observed within hours
Bill Toulas / BleepingComputer : Source: Unit 42 .
Inside the US government's effort to enlist tech and media into the fight against ISIS, where lack of trust and a dearth of Arab voices stymie concrete steps
Inside The Obama Administration's Attempt To Bring Tech Companies Into The Fight Against ISIS — WASHINGTON, D.C. … Tweets: @johnpaczkowski , @ericgeller , @trevortimm , @miriamelder and @mlcalderone...