48 matches found

Schneier on Security
added 6 days ago, 13 views

Vulnerability Disclosure in the Age of AI

New article: "Responsible Disclosure in the Age of AI: A Call for Urgent Action," by Melissa Hathaway. Abstract: Artificial intelligence is fundamentally reshaping the balance between vulnerability discovery and remediation. Frontier AI models are now capable of autonomously identifying exploitab...

AI score: 5.9
Exploits: 0
RedhatCVE
added 2026/01/07 9:40 a.m., 6 views

CVE-1999-0387

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords...

CVSS: 7.8, AI score: 6.8, EPSS: 0.1939
Exploits: 0, References: 1
GithubExploit
added 2025/12/10 6:20 a.m., 122 views

Exploit for CVE-2025-49173

CVE-2025-49173 — macOS 10.9 Local Root Privilege Escalation R...

AI score: 7.5
Exploits: 1
NVD
added 2025/10/08 6:15 p.m., 4 views

CVE-2025-42701

A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary files. CrowdStrike released a security fix for this issue in Falcon sensor for Windows versions 7.24 and above and all Long Term Visibility...

CVSS: 5.6, EPSS: 0.00011
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-15722

Malware in sbrugna...

CVSS: 7.8, AI score: 6, EPSS: 0.00145
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-14748

Malware in sbrugna...

CVSS: 7.1, AI score: 7.4, EPSS: 0.00256
Exploits: 1, References: 14
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-52450

Malicious code in bioql PyPI...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00279
Exploits: 0, References: 1
Qualys Blog
added 2025/09/10 3:0 p.m., 3 views

Outdated Tech, Rising Risk: How Federal Agencies Can Eliminate Tech Debt and Reduce Cyber Risk

Amid shrinking budgets and workforce pressures, your agency, like many across the federal government, is likely grappling with the growing challenge of technical debt (tech debt). Tech debt, the accumulation of outdated or under-maintained technology, can slow progress and put your agency’s mission...

AI score: 6.7
Exploits: 0
Microsoft Secure
added 2025/08/20 4:0 p.m., 5 views

Quantum-safe security: Progress towards next-generation cryptography

Quantum computing promises transformative advancements, yet it also poses a very real risk to today’s cryptographic security. In the future scalable quantum computing could break public-key cryptography methods currently in use and undermine digital signatures, resulting in compromised...

AI score: 7.3
Exploits: 0
Packet Storm News
added 2025/05/05 12:0 a.m., 2 views

SoK: Stealing Cars since Remote Keyless Entry Introduction and How to Defend from It

Remote Keyless Entry (RKE) systems have been the target of thieves since their introduction in automotive industry. Robberies targeting vehicles and their remote entry systems are booming again without a significant advancement from the industrial sector being able to protect against them...

AI score: 7.6
Exploits: 0
GithubExploit
added 2025/01/06 4:5 a.m., 91 views

3xplo1tz

3xplo1tz A meticulously curated collection of exploitation too...

AI score: 7.5
Exploits: 0
Wallarm Lab
added 2024/11/18 9:38 a.m., 4 views

Taming API Sprawl: Best Practices for API Discovery and Management

APIs are the backbone of interconnected applications, enabling organizations to innovate, integrate, and scale rapidly. However, as enterprises continue to expand their digital ecosystems, they often encounter a common and complex challenge: API sprawl. Unchecked, API sprawl can lead to increased...

AI score: 7.1
Exploits: 0
The Hacker News
added 2024/09/11 10:41 a.m., 13 views

Why Is It So Challenging to Go Passwordless?

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is." If your organization is like many, you may be contemplating a move to passwordles...

AI score: 7.7
Exploits: 0
The Hacker News
added 2024/04/30 10:24 a.m., 40 views

Considerations for Operational Technology Cybersecurity

Operational Technology (OT) refers to the hardware and software used to change, monitor, or control the enterprise's physical devices, processes, and events. Unlike traditional Information Technology (IT) systems, OT systems directly impact the physical world. This unique characteristic of OT brings...

AI score: 7.6
Exploits: 0
Rapid7 Blog
added 2024/04/17 1:0 p.m., 18 views

Enforce and Report on PCI DSS v4 Compliance with Rapid7

The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide. According to the PCI SSC website, “PC...

AI score: 7.3
Exploits: 0
Rapid7 Blog
added 2023/12/28 4:0 p.m., 24 views

Mastering Industrial Cybersecurity: The Significance of Combining Vulnerability Management with Detection and Response

Written by Elad Ben-Meir, CEO SCADAfence, a Honeywell company. In today's digital era, where industries are increasingly reliant on advanced technologies, safeguarding critical infrastructure against cyber threats has become paramount. The convergence of operational technology (OT) and information...

AI score: 7.1
Exploits: 0
The Hacker News
added 2023/06/06 11:44 a.m., 33 views

5 Reasons Why IT Security Tools Don't Work For OT

Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk...

AI score: 6.7
Exploits: 0
SUSE CVE
added 2023/02/15 3:44 a.m., 1 views

SUSE CVE-2021-28041

ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...

CVSS: 7.1, AI score: 7, EPSS: 0.00256
Exploits: 1, References: 16
The Hacker News
added 2022/12/02 1:0 p.m., 33 views

The Value of Old Systems

Old technology solutions – every organization has a few of them tucked away somewhere. It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago. This is a common scenario with software too. For example, consider an accounting...

AI score: 6.9
Exploits: 0
Imperva Blog
added 2022/11/01 1:19 p.m., 12 views

Why Agentless DAM is a Better Option for Securing Cloud Data

In the context of on-premises database activity monitoring (DAM), security teams use agents to enable them to see all requests coming into the databases as well as all responses going out of the databases. In other words, the agent-based approach enables database activity monitoring independent of...

AI score: 7.1
Exploits: 0