Oracle urges customers to patch an E-Business Suite vulnerability that cybercriminals are exploiting; Google's Mandiant says the Clop hacking group exploited it
AWAITING ANALYSIS — This CVE record has been marked for NVD enrichment efforts. CrowdStrike : CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracke...
A security researcher details how he discovered a zero-day vulnerability in the Linux kernel's SMB implementation by analyzing the code using OpenAI's o3 API
Now finding a Linux kernel-level zero day is as simple as knowing how to prompt. sean.heelan.io/2025/05/22/h... @davidcrespo : key detail in this very good post about finding a novel vuln with LLMs: e...
CISA says it will extend funding to Mitre, which runs the CVE Program, and “there will be no lapse in critical CVE services”, after Mitre said funding expired
CISA says the U.S. government has extended MITRE's funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
Researchers say a Next.js flaw that existed for several years could have let hackers bypass middleware-based authentication; Vercel patched the flaw on March 18
Next.js version 15.2.3 has been released to address a security vulnerability (CVE-2025-29927). zhero_web_security : Next.js and the corrupt middleware: the authorizing artifact National Vulnerability ...
A look at the 25-year-old CVE program, which assigns unique IDs to security flaws; 413 orgs report CVEs, with 40K+ reported in 2024, pushing the total to 270K+
this time for Cyberscoop—that examines the CVE system and how well it has weathered challenges over the past 25 years. — cyberscoop.com/cve-program-...
Researchers: when given 15 CVE descriptions, GPT-4 autonomously exploited 87% of the “one-day” vulnerabilities, compared to 0% for every other model tested
Researchers: when given 15 CVE descriptions, GPT-4 autonomously exploited 87% of the vulnerabilities, compared to 0% for every other model tested
While some other LLMs appear to flat-out suck — AI agents, which combine large language models with automation software …
Apple fixed an old bug exposing a device's real MAC address to nearby wireless routers even when Private Wi-Fi Address is enabled, including in Lockdown Mode
@dangoodin — https://arstechnica.com/... X: @mysk_co : The bug addressed in iOS 17.1 is about hiding the device's MAC address from joined networks, a privacy feature introduced in iOS 14. This shoul...
Analysis: tweets about CVEs, which peaked before Elon Musk took over, show a steep decline in recent months, suggesting the infosec Twitter community has shrunk
https://www.cyentia.com/... Eduardo Cuducos / @cuducos.me : So long Infosec Twitter https://www.cyentia.com/... Mastodon: Dr. Juande Santander-Vela / @juandesant@astrodon.social : @Techmeme they might...
Unit 42: hackers typically scan for vulnerabilities within 15 minutes of a new CVE disclosure; the first active exploitation attempts are observed within hours
Bill Toulas / BleepingComputer : Source: Unit 42 .