Google publishes exploit code threatening millions of Chromium users
Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and…
Category: ArsTechnica
Secret CISA credentials found in public GitHub repo
Security researcher Brian Krebs brings us the news that America’s Cybersecurity & Infrastructure Agency (CISA) has had a large store of plaintext passwords, SSH private…
Bug bounty businesses bombarded with AI slop
He added there was a “third cohort” of “experienced AI builders” who had developed automated “end-to-end scanning and submission systems” that were “creating absolute carnage.”…
Zero-day exploit completely defeats default Windows 11 BitLocker protections
A zero-day exploit circulating online allows people with physical access to a Windows 11 system to bypass default BitLocker protections and gain complete access to…
Linux bitten by second severe vulnerability in as many weeks
Both privilege escalation vulnerabilities stem from bugs in the kernel’s handling of page caches stored in memory, allowing untrusted users to modify them. They target…
Chaos erupts as cyberattack disrupts learning platform Canvas amid finals
Chaos erupted at schools and colleges throughout the US on Thursday as a cyberattack disrupted online learning platform Canvas just as students were due to…
Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”
As noted earlier, Mozilla’s characterization of AI-assisted vulnerability discovery as a game changer has been met with massive, vocal skepticism in many quarters. Critics initially…
Widely used Daemon Tools disk app backdoored in monthlong supply-chain attack
One of the follow-on payloads pushed to about a dozen organizations was what Kaspersky described as a “minimalistic backdoor.” It has the ability to execute…
Ubuntu infrastructure has been down for more than a day
Servers operated by Ubuntu and its parent company Canonical were knocked offline on Thursday morning and have remained down ever since, a situation that’s preventing…
Amid Mythos’ hyped cybersecurity prowess, researchers find GPT-5.5 is just as good
Is it just “fear-based marketing”? The new results for GPT-5.5 suggest that, when it comes to cybersecurity risk, Mythos Preview was likely not “a breakthrough…
The most severe Linux threat to surface in years catches the world flat-footed
Publicly released exploit code for an effectively unpatched vulnerability that gives root access to virtually all releases of Linux is setting off alarm bells as…
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
“Current evidence indicates that this data originated from Checkmarx’s GitHub repositories, and that access to those repositories was facilitated through the initial supply chain attack…