OpenAI Launches Daybreak for AI-Powered Vulnerability Detection and Patch Validation
OpenAI has launched Daybreak, a new cybersecurity initiative that brings together frontier artificial intelligence (AI) model capabilities and Codex Security to help organizations identify and patch vulnerabilities before attackers find a way in using the same issues. "Daybreak combines the...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation. In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the...
Why LLMs Fail: A Failure Analysis and Partial Success Measurement for Automated Security Patch Generation
Large Language Models (LLMs) show promise for Automated Program Repair (APR), yet their effectiveness on security vulnerabilities remains poorly characterized. This study analyzes 319 LLM-generated security patches across 64 Java vulnerabilities from the Vul4J benchmark. Using tri-axis evaluation...
CVE-Factory: Scaling Expert-Level Agentic Tasks for Code Security Vulnerability
CVE-Factory is a Multi-Agent system for fully automated, end-to-end CVE reproduction. Given CVE records, the system automatically researches details, generates test cases, builds Docker environments, and validates that each vulnerability can be both exploited and patched. The pipeline transforms...
PT-2025-53112
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the extent length for uncompressed pclusters is not validated, potentially leading to a use-after-free condition. This was identified through...
Windows10-Exploitation-Validation
Windows 10 Exploitation & Security Validation 🎯 Project Ob...
What is Patch Management Automation and Why It Matters
Executive Summary Environments rarely stay as orderly as they begin. New workloads, faster releases, and growing attack surfaces stretch manual patching beyond its limits. The real risk emerges in the widening gap between spotting a vulnerability and fixing it. Automated patch management closes...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990330)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990330 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation. In load_data(), make the validation of and skipping...
EUVD-2022-32324
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-38710
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - gfs2: Validate idepth for exhash directories. A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 a...
SoK: Automated Vulnerability Repair: Methods, Tools, and Assessments
The increasing complexity of software has led to the steady growth of vulnerabilities. Vulnerability repair investigates how to fix software vulnerabilities. Manual vulnerability repair is labor-intensive and time-consuming because it relies on human experts, highlighting the importance of...
CVE-2025-25306
Misskey CVE-2025-25306 concerns insufficient validation of the relation between the id and url fields in ActivityPub objects, allowing forging of objects and potential authenticity claims across instances. Affected version is before 2025.2.1, with the issue addressed in 2025.2.1. Concrete technic...
CVE-2022-28781
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller...
GHSA-3FFF-GQW3-VJ86 Directus has an insecure object reference via PATCH presets
Impact Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. This is possible because the application only validates the user parameter in the POST /presets request but not in the PATCH request. When chained with...
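The pattern the Directus advisory describes, as an added illustration that is not Directus code: an in-memory preset store where the owner check on the `user` field is enforced on create, a vulnerable update handler that applies `user` from the request body unchecked, and a hardened update handler that applies the same rule on PATCH. All names (`presets`, `createPreset`, `patchPresetVulnerable`, `patchPresetFixed`, the `ctx` shape) are assumptions made for this example.

```javascript
// Added example, not Directus's own code. Store, handler names and the
// request context shape ({ userId, isAdmin }) are illustrative assumptions.

const presets = new Map(); // id -> { id, user, layout }
let nextId = 1;

function resetStore() {
  presets.clear();
  nextId = 1;
}

// POST-style create: a non-admin may only create a preset assigned to
// themselves. This is the check the advisory says exists on POST /presets.
function createPreset(ctx, body) {
  const owner = body.user !== undefined ? body.user : ctx.userId;
  if (!ctx.isAdmin && owner !== ctx.userId) {
    throw new Error("forbidden: cannot create a preset for another user");
  }
  const id = nextId++;
  presets.set(id, { id, user: owner, layout: body.layout || "list" });
  return presets.get(id);
}

// Vulnerable PATCH-style update: confirms the caller owns the preset, then
// merges the body without validating body.user, so the owner can hand the
// preset to any other user id (the insecure object reference).
function patchPresetVulnerable(ctx, id, body) {
  const preset = presets.get(id);
  if (!preset) throw new Error("not found");
  if (!ctx.isAdmin && preset.user !== ctx.userId) throw new Error("forbidden");
  Object.assign(preset, body); // body.user is trusted here
  return preset;
}

// Hardened PATCH-style update: the same ownership rule used on create is
// applied to any attempt to change the user field.
function patchPresetFixed(ctx, id, body) {
  const preset = presets.get(id);
  if (!preset) throw new Error("not found");
  if (!ctx.isAdmin && preset.user !== ctx.userId) throw new Error("forbidden");
  if (!ctx.isAdmin && "user" in body && body.user !== ctx.userId) {
    throw new Error("forbidden: cannot reassign a preset to another user");
  }
  Object.assign(preset, body);
  return preset;
}

// Walk through both handlers with a constructed non-admin caller.
function demo() {
  resetStore();
  const alice = { userId: "alice", isAdmin: false };
  const p = createPreset(alice, { layout: "cards" });
  const leaked = patchPresetVulnerable(alice, p.id, { user: "bob" }).user;
  resetStore();
  const q = createPreset(alice, { layout: "cards" });
  let blocked = false;
  try {
    patchPresetFixed(alice, q.id, { user: "bob" });
  } catch (e) {
    blocked = true;
  }
  return { leakedTo: leaked, fixedBlocked: blocked, stillOwnedBy: presets.get(q.id).user };
}

console.log(demo());
```

The point of the example is that authorisation checks belong to the object and field, not to the HTTP verb: a rule enforced only in the create path is bypassed by any other path that writes the same field.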
CVE-2023-52855 usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency. In dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In dwc2_hcd_urb_dequeue(): spin_lock_irqsave(&hsotg->lock, flags);...
CVE-2022-35993
TensorFlow is an open source platform for machine learning. When SetSize receives an input set_shape that is not a 1D tensor, it gives a CHECK failure that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit cf70b79d2662c0d3c6af74583641e345fc939467. The fix...
CVE-2022-28787
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic...
Unpatched Domain Controllers Remain Vulnerable to Netlogon Vulnerability, CVE-2020-1472
The Cybersecurity and Infrastructure Security Agency CISA is aware of active exploitation of CVE-2020-1472, an elevation of privilege vulnerability in Microsoft’s Netlogon. A remote attacker can exploit this vulnerability to breach unpatched Active Directory domain controllers and obtain domain...
78.129.222.56 Cross Site Scripting vulnerability
Security researcher metamorfosec, who has helped patch 1944 vulnerabilities, holds 9 badges for responsible and coordinated disclosure and has received 31 recommendations, found a security vulnerability affecting the 78.129.222.56 website and its users. Following...
CVE-2017-12341
CVE-2017-12341 affects Cisco NX-OS System Software CLI. The issue arises from insufficient input validation during patch image installation, allowing an authenticated local attacker with valid admin credentials to execute arbitrary commands as root prior to patch activation. Affected platforms in...