Tag

#vulnerability disclosure

31 stories taggedvulnerability disclosure · page 2 of 3.

Vulnerabilities

RoguePlanet Zero-Day Drops as Nightmare Eclipse–Microsoft Feud Reaches New Low

A race-condition bug in Microsoft Defender can yield a SYSTEM shell on fully patched Windows 11 and 10. No patch exists. The researcher dropped it the day after June Patch Tuesday.

3 min
AI Security

Anthropic's Mythos Shows AI Can Find Bugs Faster Than Humans. The Bug Bounty Model May Not Survive It.

Machine-speed vulnerability discovery is no longer theoretical. The question now is whether the bounty ecosystem — and the offensive security teams inside it — are priced and structured for a world where finding flaws is the easy part.

2 min
Vulnerabilities

One-Click VS Code Flaw Exposed GitHub OAuth Tokens to Theft

A researcher-disclosed bug in Microsoft's browser-based VS Code variant let a single crafted link siphon tokens with read/write access to private repos.

3 min
Vulnerabilities

FFmpeg Gets 21 New Bugs from an AI Fuzzer; Chrome 149 Ships a Record 429 Fixes

An autonomous agent dug up zero-days in the codec library that ships in everything. Google's browser shipped its largest single security release on record. Same week.

2 min
Vulnerabilities

HTTP/2 Bomb: A Decade-Old Compression Trick Finally Gets a CVE

A chained HPACK attack lets small packets force runaway memory allocation on nginx, Apache, IIS, Envoy, and Cloudflare's Pingora. Patches are partial. Exposure is wide.

2 min
Vulnerabilities

GitHub's Browser VSCode Handed Attackers a Skeleton Key to Your Private Repos

An unscoped OAuth token, a Jupyter notebook, and a skipped publisher trust check. That's all it took.

3 min
Vulnerabilities

HTTP/2 Default Configs Leave Web Servers Open to Compression-Bomb, Slowloris Combo Attack

A chained exploit targeting HTTP/2's default settings can take servers offline in seconds — no patch issued yet for the underlying configuration exposure.

2 min
Vulnerabilities

Microsoft Threatened a Bug Hunter With Legal Action. Now It's Walking That Back.

A researcher dropped unpatched zero-days with working exploits. Microsoft's first response was to reach for the lawyers. That went poorly.

2 min
Policy & Regulation

Trump Signs AI Cybersecurity Order, Reviving the Pre-Release Review Provisions His Team Killed Two Weeks Ago

The new directive creates a voluntary framework for government review of frontier AI models and spins up a Treasury-led vulnerability clearinghouse — while going out of its way to say none of this is mandatory.

3 min
AI Security

One Click, Full Shell: Flowise MCP Flaw Scores 9.9 CVSS

A sandboxing failure in Flowise's MCP stdio implementation lets an attacker execute arbitrary OS commands with process-level privileges — and the patches so far don't close the hole.

2 min
Vulnerabilities

Microsoft and Researcher Nightmare Eclipse Trade Public Accusations Over Disclosure Gone Wrong

A researcher who published unpatched vulnerability details says Microsoft deleted his accounts and ruined his life. Microsoft says his drops put proof-of-concept code in criminals' hands. Neither is entirely wrong.

3 min
Vulnerabilities

Account Takeover Flaw in Pretalx CFP Tool Let Attackers Accept Any Conference Talk

An account takeover vulnerability in the open-source call-for-papers platform Pretalx could allow an unauthenticated attacker to manipulate submission outcomes, researchers at Novee have found.

3 min
AI Security

Ten Thousand Bugs, One Model: Inside Anthropic's Project Glasswing

Claude Mythos Preview has scanned more than a thousand open-source projects and surfaced thousands of critical flaws. The bottleneck has moved — and the patch queue is not moving fast enough.

3 min
AI Security

Anthropic Says Project Glasswing AI Has Flagged 10,000 High-Severity Bugs in a Month

The Claude-based scanner has been pointed at widely deployed open-source code since October. Anthropic has not named the affected projects.

2 min
Policy & Regulation

Twelve Hours, or Else: India's New Patch Clock Starts Ticking

CERT-In tells operators of internet-facing systems to close critical flaws within half a day, citing AI-assisted exploit chains that compress the attacker's runway to minutes.

2 min
© 2026 Threat Vectr