#vulnerability disclosure
31 stories taggedvulnerability disclosure.

Nine Security Flaws Found in ATM Encryption Software, and Nobody Agrees How Bad It Is
A researcher found serious bugs in software that locks ATM hard drives. The world's biggest ATM maker says they don't matter. The researcher disagrees. The truth is somewhere uncomfortable.

The Summer Everyone Launched a Clearinghouse
Vendor announcements have piled up fast. But not every 'clearinghouse' is a fresh idea, and the differences matter more than the marketing suggests.

AI Coding Assistants Fooled by Decades-Old File Trick to Attack Developer Machines
A technique as old as Unix itself let researchers plant hidden traps inside innocent-looking code projects, then watch AI tools quietly rewrite the wrong files while developers clicked 'approve'.

Microsoft patches 'RoguePlanet' Defender flaw after researcher publishes exploit in disclosure spat
The zero-day let attackers hand themselves the keys to a fully patched Windows machine. It was revealed by a researcher publicly feuding with Microsoft.

A New Citrix NetScaler Flaw Is Already Being Exploited, And It Looks Familiar
A security hole in widely used Citrix network equipment is leaking corporate secrets from memory. Attackers moved within 24 hours of the patch dropping.

Adobe Is Doubling Its Patch Releases — Here's Why That Matters
Starting in July, Adobe will push security fixes twice a month instead of once. Blame faster vulnerability discovery, AI-assisted research, and a threat pace that monthly updates can no longer keep up with.

Active Exploitation Reported Against Progress Kemp LoadMaster Pre-Auth RCE (CVE-2026-8037)
Threat responders flag in-the-wild attempts against a 9.6-rated OS command injection flaw in the load balancer, days after Progress issued a fixed build.

Dify AI Platform Carried Multi-Tenant Flaws Exposing Private Chats and Internal APIs
Cross-tenant data leakage vulnerabilities in Dify's cloud service let attackers read other users' conversations, preview documents, and probe internal API endpoints.

Samsung KNOX Use-After-Free Bug Sat in Galaxy Devices for Eight Years Before Patch
A high-severity kernel-level flaw in Samsung's KNOX security framework affected Galaxy handsets from the S9 through the S25 — a product window spanning nearly a decade.

DifyTap: Four Unauthenticated Bugs in Dify Expose Cross-Tenant AI Conversations
Researchers at Zafran say a chain of flaws in the popular agentic workflow platform let attackers read other tenants' chats without logging in.

Microsoft Acknowledges 'RoguePlanet' Defender Zero-Day, Patch Still in the Works
CVE-2026-50656 is a privilege escalation bug in the Malware Protection Engine — the component sitting at the heart of every Defender install.

Twenty-Five Orgs Are Quietly Triaging Open-Source Vulns Before You Hear About Them
A coalition called Athena is building shared infrastructure to find, fix, and harden OSS projects in the window between discovery and public disclosure.

GreatXML's BitLocker Bypass Claim Falls Short — For Now
A pseudonymous researcher dropped an alleged WinRE-based BitLocker exploit days after Patch Tuesday. A respected vulnerability analyst couldn't replicate it. The researcher is already hunting a fix.

GreatXML Bypasses BitLocker Through a Trusted Recovery Path
A researcher's four-hour weekend project shows how Windows' own offline scan plumbing can sidestep full-disk encryption.

ServiceNow's Unauthenticated API Endpoint Left Tenant Data Exposed for Months
An API resource shipped with authentication disabled by default. Now enterprises are asking whether the 'security researcher' explanation fully covers what got accessed.