security-research
78 articles with this tag
HIGH
INFO
CRITICAL
INFO
INFO
MEDIUM
INFO
MEDIUM
MEDIUM
HIGH
LOW
INFO
MEDIUM
INFO
INFO
INFO
MEDIUM
HIGH
INFO
CRITICAL
INFO
HIGH
INFO
INFO
INFO
LOW
INFO
MEDIUM
INFO
INFO
INFO
HIGH
INFO
HIGH
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
CRITICAL
INFO
MEDIUM
HIGH
CRITICAL
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
MEDIUM
INFO
HIGH
INFO
INFO
INFO
INFO
INFO
INFO
INFO
INFO
HIGH
MEDIUM
LOW
INFO
INFO
INFO
INFO
HIGH
INFO
MEDIUM
INFO
HIGH
Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects
OpenHack: Open-source AI-powered vulnerability research
Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software
Cisco used AI to write security incident reports, with mixed results
AI red teaming agents change how LLMs get tested
When Filenames Become Attack Surfaces: Weaponizing NASA's CFITSIO Extended Filename Syntax
Now Live: The CrowdStrike 2026 Financial Services Threat Landscape Report
New image-based prompt injection attack targets multimodal AI models
Security Researchers Find 47 Zero-Days at Pwn2Own Berlin
Hackers earn $1,298,250 for 47 zero-days at Pwn2Own Berlin 2026
Zombie linkages are keeping expired domains trusted for years
On vendor disclosure timelines, bounty programme incentive misalignment, and the psychological contract
Memory Poisoning AI Agents via ChromaDB
One keypress is all it takes to compromise four AI coding tools
What Mozilla learned running an AI security bug hunting pipeline on Firefox
Attackers Could Exploit AI Vision Models Using Imperceptible Image Changes
Proof of Selective Triage: Deribit resolving other H1 reports while ghosting Critical researcher for 76+ days
Nine-Year-Old Zero-Day Flaw in Linux Kernel Discovered by AI-Equipped Security Researcher
Automated LLM red teaming gets a learning layer
We’re in a Patch Apocalypse. That Means These Three IT Excuses Won’t Work Anymore.
Extending Ruzzy with LibAFL
Claude Mythos Has Found 271 Zero-Days in Firefox
Attempting to evade an AI SOC with offensive agents
It's a myth that you need Mythos to find bugs: Open source models can do it just as well
Mythos Special: A Big Bug Problem with Gadi Evron, Rob Lee and Ed Skoudis
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 13, 2026 to April 19, 2026)
Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox
Anthropic bets on EPSS for the coming bug surge
Meta and PortSwigger drive offensive security further to find what others miss
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 6, 2026 to April 12, 2026)
Anonymous credentials: an illustrated primer (Part 2)
Metasploit Wrap-Up 04/17/2026
Sometimes changing the password on your email mailbox isn’t enough
How AI is getting better at finding security holes
The ADWS Architecture That Hides PowerShell AD Enumeration
The 60ms Window: How Event 5156 Solves the ADWS Attribution Problem
Anthropic's Project Glasswing CVE tally is still anyone's guess
OpenAI Unveils GPT-5.4-Cyber for Improving Cyber Defense With AI
UK gov's Mythos AI tests help separate cybersecurity threat from hype
Testing reveals Claude Mythos’s offensive capabilities and limits
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
Fixing vulnerability data quality requires fixing the architecture first
We combined DRAM timing attacks, electrical grid frequency detection, and gyroscope fusion into a single bot detection stack and I think we need to talk about it
Claude + Humans vs nginx: CVE-2026-27654
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
What vibe hunting gets right about AI threat hunting, and where it breaks down
Warning: Vibe Hacking is here
The Internet Bug Bounty program pauses payouts after surge in AI‑generated vulnerability reports
What Anthropic Glasswing reveals about the future of vulnerability discovery
Anthropic Opus 4.6 is less good at finding vulns than you might think
A week in security (March 30 – April 5)
When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications
Hooked on Linux: Rootkit Detection Engineering
Malware detectors trained on one dataset often stumble on another
Wordfence Bug Bounty Program Monthly Report – February 2026
From Static Findings to Working Exploits: Runtime Validation of 6 High-Profile MCP Servers
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
LLVM Adventures: Fuzzing Apache Modules
Proxy Execution with Microsoft Edge WebView2 w/ Matthew Eidelberg
Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models
Switzerland built a secure alternative to BGP. The rest of the world hasn't noticed yet
VulHunt: Open-source vulnerability detection framework
Google Paid Out $17 Million in Bug Bounty Rewards in 2025
Rogue AI agents can work together to hack systems and steal secrets
Alipay (1B+ users) DeepLink+JSBridge Attack Chain: Silent GPS Exfiltration, 6 CVEs (CVSS 9.3)
“Zombie ZIP”: Neue Angriffstechnik täuscht Virenscanner
2,622 Valid Certificates Exposed: A Google-GitGuardian Study Maps Private Key Leaks to Real-World Risk
How to Detect Phone Spying Tech (with Cooper Quintin)
IronCurtain: An open-source, safeguard layer for autonomous AI assistants
Industrial networks continue to leak onto the internet
A Deep Dive into the GetProcessHandleFromHwnd API
Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks
AI has gotten good at finding bugs, not so good at swatting them
Password managers keep your passwords safe, unless…
Smashing Security podcast #454: AI was not plotting humanity’s demise. Humans were
When responsible disclosure becomes unpaid labor