CVSS 9.8 is the new participation trophy given out to every vulnerability

Doom much? Worried about a handful of IT nerds when the PLA was sitting on the Treasury network for years?

CVE-2025-0000 smart locks suceptible to brute force attacks, CVSS 9.8

A ton of C2 hunting opportunities in this Forescout blog forescout.com/blog/threat-an…

🚨 FalconFeeds IOC Analysis – Aug 29, 2025 200+ active IOCs across botnets, stealers & APT infra: Rhadamanthys Stealer → 45.74.16[.]12:443 🇺🇸 Cobalt Strike → 45.153.124[.]230:8080 🇪🇺 AsyncRAT → 38.242.230[.]250:8808 🇩🇪 Extreme RAT → 145.82.185[.]205 (multi-port) 🇸🇦 Mozi

45.74.36[.]117 --> CobaltStrike --> windows[.]dnsupdate[.]online

206.237.3[.]150 React2Shell CVE-2025-55182 exploit IP in AWS report. REF0657 Elastic Security Labs

every god-fearing generation of men maintain and uphold The Wire Box, a strategic reserve of technical entropy from which the anonymous will rise up and become the prophesied Chosen Wire in Our Time of Need.

GCONV_PATH Injection in GNU Inetutils telnetd Credit: Discovered by Justin Swartz Reference: seclists.org/oss-sec/2026/q… Justin revealed that while CVE-2026-24061 fix addressed the "-f root" authentication bypass, the underlying environment variable sanitization issue remains

A password like G7$kL9#mQ2&xP4!w looks strong. Every password checker rates it "excellent." But researchers at Irregular just published something worth knowing: that exact string appeared 18 out of 50 times when Claude was asked to generate a password. The reason: LLMs are

🦔 Researchers at Aikido Security found 151 malicious packages uploaded to GitHub between March 3 and March 9. The packages use Unicode characters that are invisible to humans but execute as code when run. Manual code reviews and static analysis tools see only whitespace or blank

just saying...

dmpdump Indeed, something seems to have changed with that

Just why Microsoft...

Whoopsi: CVE-2026-20963 is now UNAUTHENTICATED!!!! Patch ASAP. msrc.microsoft.com/update-guide/v… Updated the scanner: github.com/LuemmelSec/Pen…

Respectfully, this is not a vulnerability. It's a compromise.

In one episode, the model needed to edit files it lacked permissions for. After searching for workarounds, it found a way to inject code into a config file that would run with elevated privileges, and designed the exploit to delete itself after running.(4/14)

everyone: "AI will solve vulnerabilities." Copilot:"Yeah sorry I just made up those numbers."

striga Is this another one of those vulnerabilities that is not exploitable by default and requires a specific configuration that is often not seen in real-world scenarios?