Dirty Frag Won't Be The Last Exploit
CopyFail Compromises The Last 9 Years Of Linux Distros
The First Exploit - Pwn2Own Documentary (Part 2)
The World's Hardest Hacking Competition - Pwn2Own Documentary (Part 1)
Another Linux Distro Dropped Deepin Desktop
This Linux Bug Gives Attackers Root
IPv8 Changes Everything We Know About IP
…the Openwall oss-security mailing list suggests that the vulnerability and the working exploit were publicly disclosed without prior coordination with Linux distribution maintainers. In typical responsible disclosure processes, vendors are given…
…IBM contributes findings through coordinated disclosure, upstream open-source patches, and best practices shared with fellow participants, reflecting the company’s position that openness and scrutiny are prerequisites for security at scale…
…The disclosures continue a recent series of Windows security issues published by the same researcher, including earlier exploits named BlueHammer and RedSun. Those vulnerabilities reportedly resulted in administrator-level access through Windows…
Ubiquiti patches three max severity UniFi OS vulnerabilities By Sergiu Gatlan May 22, 2026 08:00 AM Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that…
https://securityaffairs.com/193128/security/researcher-drops-a-new-vs-code-zero-day-after-losing-trust-in-microsofts-disclosure-process.html
This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
Disclosure: I work on Forkline, which maintains a fork of the retired Kubernetes ingress-nginx controller. NGINX published a security advisory for ngx_http_rewrite_module. The affected versions are NGINX Open Source belo…
TL;DR: If you are running NGINX Open Source below 1.30.1 or 1.31.0, you are affected by the current ngx_http_rewrite_module CVE batch. For Kubernetes ingress-nginx users this is especially relevant — the retired controll…
Microsoft Faces Backlash Over Criminal Probe Threat Against Security Researcher by Chris Harper — Saturday, May 30, 2026, 02:45 PM EDT Windows 11 has been his by a series of zero-day…
…As security researcher Himanshu Anand wrote earlier this month, “The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world…
…In this day and age, when AI-powered security research has arguably made the standard 90-day disclosure-to-patch window completely obsolete, and both time-until-exploit and unused exploits are…
…Part of a deliberate campaign MiniPlasma is yet another Windows zero-day disclosure from Chaotic Eclipse in the past six weeks. The researcher started in April with BlueHammer, a Windows Defender local…
…While the exact circumstances that triggered this spree of exploit leaks are still unclear, Nightmare Eclipse previously said that these disclosures are in protest of how Microsoft's Security Response Center (MSRC…
…However, Microsoft indicated that the vulnerabilities published by the security sleuth weren't shared with the company in advance, as highlighted in its Coordinated Vulnerability Disclosure (CVD) policy. Consequently, the company claimed…
