This Linux Bug Gives Attackers Root
Firefox JIT Bug - Pwn2Own Documentary (Part 3)
AI Is Hacking Everything Now...
I'd blame Roblox for my data breach too; Apple fixes Notification History bug - Talking Heads Ep.430
5 Critical UniFi CVEs and How to Avoid the Risk
Advancing silicon security through Formal Verification | Chips & Salsa | Intel
Cadence Cuts Chip Verification From Weeks to Hours With AI Engineers and NVIDIA OpenShell
CopyFail Compromises The Last 9 Years Of Linux Distros
AMD Gaslights Security Researcher, Changes Rules Retroactively
Mythos unleashed on Opensource
The Supply Chain Attacks All Have One Thing in Common. It's GitHub.
Linux fights back on AI slop, More Adobe on Linux, big browser redesigns - Linux Weekly News
… Topics CISA , cybersecurity , In Brief , Security , zero-day Related Security Microsoft’s open source tools were hacked to steal passwords of AI developers Security WhatsApp says it caught new spyware attacks linked to NSO Group in violation of court order Security US cyber agency CISA exposed ream…
… We’re told the two organizations “work directly with maintainers and their communities to make emerging security capabilities accessible, practical, and aligned with existing project workflows.” Further: “The effort will support sustainable strategies that help maintainers manage growing security d… …
… ServiceNow tells TechCrunch that the security incident was not a hack, but the work of security researchers who were looking for vulnerabilities that they could submit for a bug bounty program. “Alongside our own investigation, we have been in contact with the security researchers who initially rep… …
Mozilla says it has patched over 400 bugs with the help of Anthropic Mythos The tool had to be 'harnessed' to Firefox for the best results Mythos offers a step away from the typical 'unwanted slop' provided by AI fuzzing tools Anthropic’s latest cybersecurity tool Mythos is continuing to make waves… …
UPDATE: Significant new information has emerged. MSI's technical team went well above and beyond once this reached the right people, and the evidence now points clearly away from MSI as the responsible party. A more comp…
This is something that has been bouncing around my head for the past couple weeks with the flood of security related news around Mythos and the number of 0days being found.Microkernels, unikernals, hardware-enforced capa…
Despite all the hype around Mythos, Claude Fable 5 returned pretty mid-tier results on coding tasks: 59.8% passing functional solves and just 19.0% passing security solves on a benchmark of 200 real-world tasks.
This is part of the dirtyfrag family, but is different enough to warrant its own CVE. https://www.bleepingcomputer.com/news/security/new-fragnesia-linux-flaw-lets-attackers-gain-root-privileges/ Known as Fragnasia and tr…
For over a decade, I’ve been doing bug bounty, security audits, and security consulting. And if there’s one thing I’ve seen repeatedly, it’s this:Most startups call a security engineer or hire a security agency only when…
Linux founder Linus Torvalds said in his most recent state of the kernel post that “the continued flood of AI reports has basically made the security list almost entirely unmanageable, with enormous duplication due to different people finding the same things with the same tools,” as The Register re… …
… In other words, they're architecting digital solutions for different classes of vulnerabilities that eliminate them or make them significantly less exploitable in practice. “You can’t patch your way out of this,” says longtime security engineer and researcher Niels Provos. “You need to build infras…
… This includes cybersecurity veterans, such as Luta Security founder Katie Moussouris, who while working at Microsoft in the mid- to late 2000s pioneered bug bounties and convinced the technology giant to move away from the concept of “responsible disclosure” by framing the process as “ coordinated … …
… Greg remarked with today's pull request : "The "largest" change overall is just some documentation updates to the security-bugs.rst file to hopefully tell the AI tools and any users that actually read the documentation , how to send us better security bug reports as the quantity of reports these pa… …
… In October, we learned that other Beijing crews – including Salt Typhoon – also joined in the attacks. ® security microsoft cybersecurity and infrastructure security agency cybercrime cyber-crime
… It turns out that the majority of the bugs reported via the security team are just regular bugs that have been improperly qualified as security bugs due to a lack of awareness of the Linux kernel's threat model, as described in Documentation/process/threat-model.rst, and ought to have been sent thr… …