11+ hour, 48+ min ago  (1651+ words) AI vulnerability discovery is crossing an important line. The scarce resource in security is no longer simply the ability to find bugs. It is the ability to prove which findings are real, decide which ones matter, coordinate disclosure, ship safe…...

2+ day, 3+ hour ago  (1683+ words) A sandbox is supposed to make a dangerous action boring. A coding agent can read files, run commands, install dependencies, inspect logs, and follow links, but the sandbox is the line that says: even if the agent is manipulated, the…...

4+ day, 6+ hour ago  (1697+ words) ZDI's final Day Three post reported $1, 298, 250 in total awards for 47 unique zero-day vulnerabilities across the three-day contest. DEVCORE won Master of Pwn with 50. 5 points and $505, 000, followed by STARLabs SG with 25 points and $242, 500, and Out Of Bounds with 12. 75 points and $95, 750. (Zero…...

4+ day, 7+ hour ago  (1639+ words) The clearest public account came from Krebs On Security. According to the report, a CISA contractor maintained a public Git Hub repository that exposed credentials to several highly privileged AWS Gov Cloud accounts and many internal CISA systems. The same…...

6+ day, 7+ hour ago  (1658+ words) The Apple M5 Mythos story is easy to overread. A small team says it built a working mac OS kernel exploit with help from a frontier AI model in five days. That sounds like a clean headline: AI broke Apple. It…...

1+ week, 1+ day ago  (1588+ words) Many teams instinctively down-rank local privilege escalation because the attacker already needs access. That habit fails in modern infrastructure. Local code execution is not rare; it is built into many workflows. The key to understanding Fragnesia is the Linux page…...

1+ week, 2+ day ago  (1680+ words) The fastest useful risk sentence is this: if you run an affected NGINX or F5 NGINX-derived product and your config uses the vulnerable rewrite pattern, an unauthenticated remote attacker may be able to crash worker processes and, under harder conditions, may…...

1+ week, 3+ day ago  (1678+ words) Open AI Daybreak and Anthropic Mythos are easy to frame as a vendor race. That framing is too small. The real story is that AI is changing the economics of vulnerability research. Low-signal findings are becoming easier to produce, cheaper…...

1+ week, 4+ day ago  (1655+ words) The 2026 Canvas cyber security incident was not just an outage. It was a breach of trust in one of the most important systems schools use every day: the learning management system where students submit work, instructors grade assignments, advisers exchange…...

1+ week, 6+ day ago  (1643+ words) Those two cases matter because they are not just kernel stories. They are disclosure stories. They show what happens when the time between "fix exists somewhere" and "someone can infer the bug class" collapses. Modern vulnerability handling has never had…...