Tag

Vulnerabilities

All articles tagged with #vulnerabilities

security1 day ago•8 min saved

AI-Fueled Bug Hunt Redraws the Security Patch Landscape

AI agents are increasingly autonomously finding software flaws and crafting exploits, upending bug-bounty economics as researchers log far more discoveries and attackers speed up development. Major programs are trimming or shifting payouts (Curl’s bounty ended; Google adjusted Chrome/Android rewards) and experts warn that faster zero-days and compressed disclosure windows could pressure quicker patches. The trend, including industry calls for structural defenses and architecture changes, suggests a future where human-led bug hunting remains essential but must be complemented by better-infrastructure that makes many bugs irrelevant.

via WIRED|

#ai #bug-bounty #cybersecurity

security3 days ago•16 min saved

AI-Generated Reports, GitHub Chaos, and Linux Vulnerabilities This Week

This week highlights AI’s role in security reporting amid a flood of Linux flaws: Google’s Project Zero exposed a zero-click Pixel 10 exploit chained from a Dolby decoder memory flaw to kernel memory (patched in Feb 2026, 71 days after disclosure); Linus Torvalds praises AI tools but urges verification and fixes for AI-generated bug reports; GitHub discusses AI-generated reports in bug bounties and reports a breach via a compromised VSCode extension; Linux moves to remove zero-copy AF_ALG to curb CopyFail risks; new bugs raise root/DoS/RCE concerns (pid-fd/ssh-keysign-pwn, RDS-pintheft, nginx-rift/nginx-poolslip); Google discloses a Chromium botnet risk tied to JavaScript service workers with patch timing unclear; and a CISA credential leak in a public GitHub repo underscores ongoing access-risk from exposed tokens.

via Hackaday|

#ai #github #linux

security4 days ago•3 min saved

Ubiquiti issues patches for three high-severity UniFi OS flaws exploitable remotely

Ubiquiti released patches for three max-severity UniFi OS vulnerabilities (CVE-2026-34908/34909/34910) that allow remote attackers to change targeted systems, access underlying files, or inject commands, plus earlier patches for CVE-2026-33000 and CVE-2026-34911. The flaws can be exploited with low complexity on UniFi OS devices. Threat intel tracks nearly 100,000 internet-exposed UniFi OS endpoints (many in the U.S.); there’s no public confirmation of exploitation yet. The fixes were disclosed via HackerOne.

via BleepingComputer|

#cve-2026-34908 #cve-2026-34910 #security

security14 days ago•7 min saved

Microsoft May 2026 Patch Tuesday patches 120 flaws, no zero-days detected

Microsoft's May 2026 Patch Tuesday fixes around 120 vulnerabilities across Windows, Azure, Office, and developer tools, with no zero-day exploits disclosed. The updates address critical and important flaws including remote code execution, privilege escalation, spoofing, and data disclosure across core components like Windows TCP/IP, Netlogon, the DWM core library, Office apps, Visual Studio Code, and Azure services. Administrators should apply updates promptly, especially for exposed remote services and internet-facing apps.

via BleepingComputer|

#microsoft #office #patch-tuesday

cyber-security16 days ago•57 min saved

Microsoft 365 Copilot Flaws Lead to Data Exposure, Cloud Fix Deployed

Microsoft disclosed and fully mitigated three critical cloud-side information-disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Edge (CVE-2026-26129, CVE-2026-26164, CVE-2026-33111). The flaws—rooted in improper handling of special elements and command injection—could allow leakage of sensitive enterprise data over the network. Mitigations are deployed at the service level; no patches or admin actions are required. Security teams should review Copilot data access permissions and enforce least-privilege to reduce exposure from future flaws.

via CyberSecurityNews|

#copilot #cyber-security #cybersecurity

technology21 days ago•3 min saved

Anthropic warns of a 6–12 month patch window for Mythos-exposed flaws

Anthropic CEO Dario Amodei warned there is roughly a 6–12 month window to fix tens of thousands of vulnerabilities uncovered by the Mythos model, arguing that China’s AI lags behind and delays could lead to widespread exploitation if not addressed. At a finance-focused event with Jamie Dimon, Anthropic unveiled 10 new AI agents for banking and back-office work and an Microsoft Office integration, signaling its lead in enterprise AI ahead of possible IPOs. Amodei and Dimon emphasized cautious optimism and pressed for regulatory approaches that balance safety with innovation, while Mythos’ growing vulnerability findings underscore urgent cybersecurity considerations.

via CNBC|

#anthropic #cybersecurity #enterprise-ai

technology1 month ago•11 min saved

AI-driven Mythos flags 271 vulnerabilities in Firefox 150 ahead of release

Mozilla says Anthropic’s Mythos Preview identified 271 security vulnerabilities in Firefox 150 during pre-release analysis, vastly more than the 22 found by Opus 4.6 for Firefox 148, highlighting AI-assisted vulnerability discovery as a potential shift toward stronger defense and raising implications for open-source security testing.

via Ars Technica|

#ai-security #anthropic #firefox

technology1 month ago•7 min saved

Firefox 150 taps Mythos AI to patch 271 vulnerabilities

Mozilla's Firefox 150 release uses Anthropic Mythos Preview to identify and fix 271 vulnerabilities, marking a major AI-assisted bug-hunting milestone; Mozilla cautions that the industry will have to go through a difficult transition to secure software with these tools, especially for open-source projects, while anticipating that such capabilities will become common for both defenders and attackers.

via WIRED|

#artificial-intelligence #cybersecurity #firefox

cybersecurity1 month ago•4 min saved

NIST narrows vulnerability scoring to high-risk issues as submissions surge

NIST will stop enriching and rating severities for low-priority vulnerabilities in the NVD due to a 263% rise in submissions; only CVEs meeting KEV criteria, affecting U.S. federal software, or involving critical software will receive added details, while all CVEs stay in the database and others are labeled Not Scheduled; enrichment requests remain possible via [email protected].

via BleepingComputer|

#cve #cybersecurity #nist

technology1 month ago•54 min saved

Chrome Security Update Patches 31 Flaws — Update Now

Google released a major Chrome security update on April 15, 2026, addressing 31 vulnerabilities in all channels (Windows/macOS: 147.0.7727.101/102; Linux: 147.0.7727.101). Five are rated Critical and could allow arbitrary code execution via memory corruption in components like ANGLE, Skia, Proxy, Prerender, and XR; other high-severity fixes include Turbofan and Media issues. Users should update immediately through Chrome > Help > About Google Chrome and relaunch. Google notes bug details will be restricted until a broad user base patches to prevent exploitation.

via CyberSecurityNews|

#chrome #cybersecurity #patch

security1 month ago•1 min saved

CISA Adds Six Actively Exploited Vulnerabilities to KEV Across Fortinet, Microsoft, and Adobe

CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog due to active exploitation: CVE-2026-21643 (Fortinet FortiClient EMS SQL injection), CVE-2020-9715 (Adobe Acrobat Reader use-after-free), CVE-2023-36424 (Windows CLFS out-of-bounds read), CVE-2023-21529 (Exchange Server deserialization leading to remote code execution), CVE-2025-60710 (Windows Task Scheduler local privilege escalation), and CVE-2012-1854 (VBA insecure library loading enabling remote code execution). Defused Cyber reported exploitation of CVE-21643 since March 24, 2026; Storm-1175 has weaponized CVE-2023-21529 to deliver Medusa ransomware; CVE-2012-1854 had targeted-attack activity in 2012. No public exploitation yet for the other three. FCEB agencies must patch by April 27, 2026, with FortiClient EMS fixes due by April 16, 2026.

via The Hacker News|

#cisa #cybersecurity #fortinet

technology1 month ago•11 min saved

Microsoft fixes 167 vulnerabilities in April 2026 Patch Tuesday, including two zero-days

Microsoft’s April 2026 Patch Tuesday patches 167 vulnerabilities across Windows, Office, .NET, Azure and developer tools, including two zero-days. The fixes address a range of issues from remote code execution and elevation of privilege to information disclosure and denial of service across components such as Windows kernel, Windows TCP/IP, Office apps, the .NET stack, and more. Enterprises should apply the updates promptly to reduce exposure.

via BleepingComputer|

#cybersecurity #microsoft #patch-tuesday

technology1 month ago•5 min saved

AI Could Turn Vulnerabilities into a Hacker Superweapon, Warn Experts

AI’s rising ability to identify and chain software vulnerabilities could empower hackers, creating a potential ‘Vulnpocalypse’ scenario. Anthropic withheld Mythos Preview over risk of misuse, while governments and major firms weigh defenses as experts predict such capabilities could spread within six to twelve months, risking outages and attacks on finance, healthcare, and critical infrastructure—even as a Hollywood-style catastrophe remains unlikely.

via NBC News|

#ai #critical-infrastructure #cybersecurity

technology1 month ago•6 min saved

Anthropic limits Mythos Preview to defense partners under Project Glasswing

Anthropic has limited Mythos Preview to select partners under Project Glasswing, granting access to more than 50 tech organizations with over $100 million in usage credits to identify and fix software vulnerabilities. The model reportedly detects thousands of high- to critical-severity bugs and can chain exploits to breach systems, prompting guarded optimism about defense benefits but raising safety concerns about a broader public release. Anthropic has briefed the U.S. government; the system card says Mythos Preview is not generally available. Many experts say results are preliminary and the potential for misuse remains a key worry.

via NBC News|

#anthropic #artificial-intelligence #cybersecurity

security2 months ago•3 min saved

Microsoft March 2026 Patch Tuesday Fixes 77+ Flaws, Highlights AI‑Driven Discovery

Microsoft released March 2026 Patch Tuesday with fixes for at least 77 vulnerabilities across Windows and related software; there are no new zero-days, but several high-severity flaws require attention, including CVE-2026-21262 (SQL Server privilege escalation), CVE-2026-26127 (.NET denial of service), and Office remote-code-execution flaws via the Preview Pane (CVE-2026-26113/26110). Additional privilege-escalation CVEs affect Windows components (CVE-2026-24291/24294/24289/25187). An AI-discovered CVE-2026-21536 in the Microsoft Devices Pricing Program is noted as an example of AI-driven vulnerability research. Microsoft also issued an out-of-band patch for Windows Server 2022 to fix a Windows Hello for Business certificate renewal issue; Adobe and Mozilla separately released updates for their products. For full details, see the SANS ISC Patch Tuesday post.

via Krebs on Security|

#ai #cve #microsoft