Experimental News Clipping Site

Tag: vulnerability disclosure

  • The Cloudflare Blog: Vulnerability transparency: strengthening security through responsible disclosure

    by

    Kurt Seifried
    in

    Source URL: https://blog.cloudflare.com/vulnerability-transparency-strengthening-security-through-responsible/ Source: The Cloudflare Blog Title: Vulnerability transparency: strengthening security through responsible disclosure Feedly Summary: In line with CISA’s Secure By Design pledge, Cloudflare shares its vulnerability disclosure process, CVE issuance criteria, and CNA duties. AI Summary and Description: Yes **Summary:** The text discusses Cloudflare’s commitment to cybersecurity as exemplified by its participation…

  • Microsoft Security Blog: Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/05/01/analyzing-cve-2025-31191-a-macos-security-scoped-bookmarks-based-sandbox-escape/ Source: Microsoft Security Blog Title: Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape Feedly Summary: Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability,…

  • The Register: More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/04/25/more_ivanti_attacks_may_be/ Source: The Register Title: More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans Feedly Summary: GreyNoise says it is the kind of activity that typically precedes new vulnerability disclosures Ivanti VPN users should stay alert as IP scanning for the vendor’s Connect Secure and…

  • The Register: Today’s LLMs craft exploits from patches at lightning speed

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/04/21/ai_models_can_generate_exploit/ Source: The Register Title: Today’s LLMs craft exploits from patches at lightning speed Feedly Summary: Erlang? Er, man, no problem. ChatGPT, Claude to go from flaw disclosure to actual attack code in hours The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours,…

  • Microsoft Security Blog: Microsoft’s Secure by Design journey: One year of success

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/04/17/microsofts-secure-by-design-journey-one-year-of-success/ Source: Microsoft Security Blog Title: Microsoft’s Secure by Design journey: One year of success Feedly Summary: Read about the initiatives Microsoft has undertaken over the past 18 months to support secure by design, secure by default, and secure in operations objectives as part of our SFI Initiative. The post Microsoft’s Secure by…

  • Cisco Talos Blog: Eclipse and STMicroelectronics vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/eclipse-and-stmicroelectronics-vulnerabilities/ Source: Cisco Talos Blog Title: Eclipse and STMicroelectronics vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure…

  • Microsoft Security Blog: Analyzing open-source bootloaders: Finding vulnerabilities faster with AI

    by

    Kurt Seifried
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2025/03/31/analyzing-open-source-bootloaders-finding-vulnerabilities-faster-with-ai/ Source: Microsoft Security Blog Title: Analyzing open-source bootloaders: Finding vulnerabilities faster with AI Feedly Summary: Using Microsoft Security Copilot to expedite the discovery process, Microsoft has uncovered several vulnerabilities in multiple open-source bootloaders impacting all operating systems relying on Unified Extensible Firmware Interface (UEFI) Secure Boot. Through a series of prompts, we…

  • The Register: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/27/crushftp_cve/ Source: The Register Title: CrushFTP CEO’s feisty response to VulnCheck’s CVE for critical make-me-admin bug Feedly Summary: Screenshot shows company head unhappy, claiming ‘real CVE is pending’ CrushFTP’s CEO is not happy with VulnCheck after the CVE numbering authority (CNA) released an unofficial ID for the critical vulnerability in its file transfer…

  • Hacker News: CVE-2025-29927 – Next.js

    by

    Kurt Seifried
    in

    Source URL: https://nextjs.org/blog/cve-2025-29927 Source: Hacker News Title: CVE-2025-29927 – Next.js Feedly Summary: Comments AI Summary and Description: Yes Summary: The release of Next.js version 15.2.3 addresses a critical security vulnerability (CVE-2025-29927) that could allow unauthorized access by skipping essential middleware security checks. The update underscores the necessity for timely patching in software development and highlights…