This Linux Bug Gives Attackers Root
Dirty Frag Won't Be The Last Exploit
Sorry Windows 10 Users...
Firefox JIT Bug - Pwn2Own Documentary (Part 3)
An initiative to secure the world's software | Project Glasswing
Microsoft Windows Agentic AI Malware
AI Is Hacking Everything Now...
Intel again making chips for Apple? Googlebook + [UNNAMED] OS - Talking Heads Ep.432
A Vulnerability to Hack The World - CVE-2023-4863
MechaCon: PS2s Unbreakable Gatekeeper ...Until it wasn't
…Security researcher Hyunwoo Kim disclosed finding a nine-year-old flaw, and published a proof-of-concept (PoC) exploit. He named the vulnerability Dirty Frag, and explained that it works by chaining…
…As we've seen with Windows, only one of the recent exploits courtesy of Nightmare-Eclipse have been patched , but not before the security holes and exploits were publicly disclosed. Tags: Linux…
…The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases may also be vulnerable. Proof-of-concept (PoC) exploit…
…Our security team worked with kernel engineers to determine which kernel versions were vulnerable and assess the potential exposure. Validating coverage: Security reviewed the exploit technique and confirmed that our existing behavioral…
I co-founded a successful security company close to the Mythos ecosystem and have spoken with participants in the know and I am deeply concerned. We, collectively, have answers for some but not all of the problems ahead …
The traditional vulnerability disclosure timeline relies on a fundamental assumption: exploit development and vulnerability discovery take time. Over the last 12 months the integration of LLMs into offensive tooling has …
This one has been building for a month and it came to a head this week. A researcher going by Chaotic Eclipse has released six Windows zero-days publicly over the past several weeks, covering Defender, BitLocker, and Win…
For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this:Most startups call a security engineer or hire a security agency only when…
This is something that has been bouncing around my head for the past couple weeks with the flood of security related news around Mythos and the number of 0days being found.Microkernels, unikernals, hardware-enforced capa…
Cybersecurity Dirty Frag exploit gets root on most Linux machines since 2017, no patches available Cybersecurity College student hacks Taiwan high-speed rail line, stopping four trains Cybersecurity Security researcher says that…
…As security researcher Himanshu Anand wrote earlier this month, “The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world…
Patches Google rushes Chrome update fixing two zero-days already under attack Skia graphics lib and V8 JavaScript engine brings browser's tally of actively exploited bugs to three in 2026 Google…
…It is unclear if Apple has already patched the exploit. Apple's security notes for the macOS 26.5 update released this week mention a fix for a kernel-level vulnerability, and…
…In return, vendors of software and hardware products have the opportunity to improve their security mechanisms, downstreaming the benefits to regular consumers too. The discovered 0-day exploits are validated on-site…
…Exploitability in the real world Some security researchers have pushed back on the real-world exploitability claims surrounding CVE-2026-42945, arguing that DepthFirst's proof-of-concept relies on highly specific…