News

Calif
blog.calif.io > p > mad-bugs-finding-and-exploiting-a

MAD Bugs: Finding and Exploiting a 21-Year-Old Vulnerability in PHP

13+ hour, 5+ min ago (1740+ words) This post is part of MAD Bugs, our Month of AI-Discovered Bugs, where we pair frontier models with human expertise and publish whatever falls out. Before we dive in, one piece of news. Stefan Esser is joining Calif. Stefan was…

Calif
blog.calif.io > p > mad-bugs-all-your-reverse-engineering

MAD Bugs: All Your Reverse Engineering Tools Are Belong to US

1+ week, 3+ day ago (478+ words) Two weeks ago we told you about how we used AI to find a radare2 0-day, and the day after that, an auth bypass in NSA's Ghidra Server that has been hiding in plain sight since 2019. Some of you were, understandably,…

Calif
blog.calif.io > p > mad-bugs-feeding-claude-phrack-articles

MAD Bugs: Feeding Claude Phrack Articles for Fun and Profit

3+ week, 1+ day ago (853+ words) He shared exploit.py with me. Two problems: It imported rsync_lib, which wasn't in the repo. He just forgot to share it. Claude had generated this custom protocol library to handle all the heavy lifting: daemon handshake, multiplexed I/O, file list parsing,…

Calif
blog.calif.io > p > mad-bugs-vim-vs-emacs-vs-claude

MAD Bugs: vim vs emacs vs Claude

1+ mon, 2+ day ago (275+ words) It started like this: Vim maintainers fixed the issue immediately. Everybody is encouraged to upgrade to Vim v9.2.0272. Full advisory can be found here. The original prompt was simple: Somebody told me there is an RCE 0-day when you open a…