Smashing Security podcast #461: This man hid $400 million in a fishing rod. Then it vanished
A cannabis-growing, beekeeping, gyrocopter-flying Irishman invested his drug money in Bitcoin back in 2011 – and now sits on a...
Vulnerability
VRP 2025 Year in Review
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team2025 marked a special year in the history of...
OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according...
Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets
Trivy, a popular open-source vulnerability scanner maintained by Aqua Security, was compromised a second time within the span of a...
Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions
Image: Aminu Abdullahi/TechRepublic A newly discovered vulnerability in Microsoft Authenticator could expose sensitive login codes to malicious apps on the...
Security Flaw in WordPress Plugin Puts 400,000 Websites at Risk
Image: Adobe A vulnerability in a widely used WordPress accessibility plugin could allow attackers to steal sensitive data from affected...
Microsoft Authenticator could leak login codes—update your app now
A vulnerability in Microsoft Authenticator for both iOS and Android (CVE-2026-26123) could leak your one-time sign-in codes or authentication...
Post-Quantum Decentralized Policy Enforcement Points in MCP Node Clusters
The Quantum Vulnerability of Centralized MCP Architectures Ever wonder why we're still building ai security like it’s 2010? We...
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Ravie LakshmananMar 11, 2026 Vulnerability / Application Security Cybersecurity researchers have disclosed details of two now-patched security flaws in the...
The Zero-Day Scramble is Avoidable: A Guide to Attack Surface Reduction
You can't control when the next critical vulnerability drops. You can control how much of your environment is exposed when...
Smashing Security podcast #457: How a cybersecurity boss framed his own employee
When a top cybersecurity firm discovered it had a leak, you would expect the FBI to be called. Instead, the...
NDSS 2025 – Detecting Server-Induced Client Vulnerabilities In Windows Remote IPC
Session 14C: Vulnerability Detection Authors, Creators & Presenters: (Except Where Noted – The Following Authors Are From The Institute...
CISOs in a Pinch: A Security Analysis of OpenClaw
Anthropic's Claude Code Security is a legitimate leap forward for pre-deployment vulnerability detection - and the market sell-off (Cybersecurity ETF...
Zenity Details Perplexity AI Browser Vulnerability
Zenity, a provider of a platform for securing artificial intelligence (AI) applications and agents, today detailed how a zero-click...
Finally, CTEM and MITRE INFORM Without the Jargon
Your vulnerability scanner just came back with 10,000 findings. Your pen test report has a 47-page appendix. Your threat...
