AI agents found vulns in this Linux and Unix print server
…printers are vulnerable to these CVEs, and he hasn't personally seen any signs of exploitation to date. "But given that the maintainer-released advisories contain the PoCs and that LLMs can…
Search
AI agents are 'gullible' and easy to turn into your minions
…Black Hat and other security conferences - developing working exploits in all of the big AI assistants that require no user interaction. Earlier this month, Zenity disclosed a family of vulnerabilities that allowed…
Google: Spyware vendors, China-linked spies led 0-day abuse
…90 zero-day vulnerabilities actively exploited last year, which is more than 2024's number (78) , but still not as many as 2023's record high of 100 . And while end-user…
Old Adobe Reader zero-day uses PDFs to size up targets
…Another researcher, Gi7w0rm , found that lure documents tied to the exploit contain Russian-language content referencing current events in the country's oil and gas sector. That doesn't prove attribution, but…
ShinyHunters claims yet another Salesforce customers breach
…The original tool identifies vulnerable objects by probing API endpoints that these sites expose (specifically the /s/sfsites/aura endpoint). ShinyHunters' version, however, goes beyond this and exploits overly permissive guest user…
Amazon security boss: AI makes pentesting 40% more efficient
…AI is pentesting an application, and it finds a vulnerability that will provide further access, you want the AI to ask a human whether it exploits that access," Moses said. "AI is…
Microsoft Azure CTO says Claude found vulns in Apple II code
…The existence of the vulnerability in Apple II type-in code has only amusement value, but the ability of AI to decompile embedded code and find vulnerabilities is a concern. "Billions of…
AI slop got better, so now maintainers have more work
…For the curl project, that has meant less AI slop and more demand upon maintainers who have to evaluate more plausible vulnerability reports. "Over the last few months, we have stopped getting…
Anthropic's Mythos has The Kettle crew curious, skeptical
…the launch of Mythos, an AI model it says is able to find and exploit zero-day vulnerabilities with a shocking level of ability. This, of course, makes it a perfect topic…
1K+ cloud environments infected via Trivy attack
…Security that finds vulnerabilities, misconfigurations, and exposed secrets. Developers commonly embed this scanner into their CI/CD pipelines - and this makes it a boon for attackers to exploit because it allows them…