responsible disclosure

Microsoft’s Zero-Day Disclosure Backlash: Did Legal Threats Go Too Far?

Microsoft Threatens Legal Action Over Exploit Disclosure

| | BitLocker, bug bounty, Cybersecurity, cybersecurity law, Digital Privacy, Episodes, full disclosure, GitHub, Microsoft security, MSRC, Podcast, Privacy, Proof-Of-Concept Exploit, responsible disclosure, Security Community, security researchers, surveillance, Vendor Accountability, Vulnerability Disclosure, Weekly Edition, zero-day vulnerabilities
Microsoft’s response to a researcher publicly disclosing proof-of-concept exploit code has reignited an old debate in security: where does responsible disclosure end and reckless disclosure begin? Tom and Scott discuss the Nightmare ...
Shared Security Podcast
Terminal window showing Claude requesting permission to fetch content from praetorian.com with three options: Yes, Yes and don't ask again, or No

The Security Horizon of Agentic AI: A Claude Code Case Study

| | Agentic AI, AI Security, Claude Code, CVE-2026-24052, Offensive Security, responsible disclosure, Vulnerability Research
What started as a small curiosity during a code review ended with a CVE and some hard questions about agentic AI security. A while back, I was using Claude Code to audit ...
Offensive Security Blog: Latest Trends in Hacking | Praetorian
vulnerabilities, root cause, Microsoft Storm-1152 fake accounts CaaS

Turkish Security Researcher Gets Nod From NASA Over Vulnerability Discoveries 

| | Breach Readiness, bugcrowd, Building Trust in Cybersecurity., Cyber Threat Management, Cyberdefenders, cybersecurity research, ethical hacking, Independent Researchers, NASA, Order of the British Empire, Recognition in Cybersecurity, responsible disclosure, Security Vulnerabilities, Vulnerability Disclosure Program
NASA acknowledges independent researcher Hasan İsmail Gülkaya for discovering vulnerabilities through its Vulnerability Disclosure Program, highlighting the importance of ethical hacking in cybersecurity ...
Security Boulevard
A person signing secrecy

FortiJump: Yet Another Critical Fortinet 0-Day RCE

| | Carl Windsor, CVE-2024-47575, FG-IR-24-423, fgfmsd, Fortigate, FortiGate devices, FortiGate Flaw, FortiJump, Fortinet, Inc., responsible disclosure, responsible disclosure program, SB Blogwatch, transparency
FortiFAIL: Remote code execution vulnerability still not acknowledged by Fortinet after 10+  days’ exploitation ...
Security Boulevard

Xiaomi and WPS Vulnerabilities: File Overwrite Risks Alert

| | android, app-security, Cybersecurity News, Dirty Stream Attack, file overwrite, Google Guidance, Google Play Store, Microsoft Threat Intelligence, Mobile Security, patch management, responsible disclosure, Security Exploits, Vulnerabilities, WPS Office, Xiaomi
In the digital realm, security is paramount, especially when it comes to the applications we use daily. Recently, concerns have surfaced regarding vulnerabilities in popular Android applications available on the Google Play ...
TuxCare

Securing Networks: Addressing pfSense Vulnerabilities

| | command injection, CVE-2023-42325, CVE-2023-42326, CVE-2023-42327, Cybersecurity, Cybersecurity Best Practices, Cybersecurity News, Digital Threats, firewall, Microsoft Visual Studio Code, mitigation, Netgate, network infrastructure, Network Security, npm integration, Patch Tuesday updates, patching, pfsense, pfSense CE, pfSense Plus, proactive security measures, Remote Code Execution, resolution, responsible disclosure, security risks, Sonar, Vulnerabilities, XSS
In recent findings by Sonar, critical security vulnerabilities have emerged within the widely-used open-source Netgate pfSense firewall solution, potentially exposing susceptible appliances to unauthorized command execution. These pfSense vulnerabilities, comprising two reflected ...
TuxCare
Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too)

Google Pixel Can be Unlocked via SIM Swap (Other Android Phones, Too)

| | android, AOSP, Bug Bounties, bug bounty, bug bounty program, CVE-2022-20465, David Schütz, Google Pixel, lockscreen, puk, responsible disclosure, SB Blogwatch, Sounds like an excellent exploit designed by Google to assist law enforcement, Vulnerability Disclosure
A Hungarian researcher found a nasty Android security bug: Malicious people can unlock your phone ...
Security Boulevard
BlackBerry QNX Vulnerability Highlights Lurking Issues with IOT Security

BlackBerry QNX Vulnerability Highlights Lurking Issues with IOT Security

| | Automotive, BadAlloc, blackberry, BlackBerry QNX, Embedded Systems, enterprise security, Exploits, healthcare, Internet, Internet of things, iot, Real-Time Operating System, Remote Code Execution, responsible disclosure, risk management, Software Security, Vulnerabilities, vulnerability
BlackBerry revealed that its QNX operating system is vulnerable to the BadAlloc flaw revealed earlier this year. QNX is an embedded systems operating system that can be found in hundreds of millions ...
Blog
Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

Feds Propose ‘911’ Emergency Call for Reporting Security Flaws; Experts Warn It’s Easier Said Than Done

| | 9/11, bug bounty, bug bounty program, cisa, Department of Homeland Security, directive, Federal, government, Industry News, responsible disclosure, vulnerability, Vulnerability Disclosure
CISA drafts directive to create a vulnerability disclosure policy for government websites and apps Agency seeks to centralize the effort via a standard vulnerability disclosure platform service next spring Cybersecurity veteran Katie ...
HOTforSecurity
AMD downplays CPU flaw discovery, says hackers would need admin rights anyway

AMD downplays CPU flaw discovery, says hackers would need admin rights anyway

| | AMD, AMD processor, cpu vulnerability, Industry News, processor vulnerability, responsible disclosure, responsible disclosure program, security bloggers network
Semiconductor giant AMD said today that attackers wouldn’t likely abuse the vulnerabilities recently found in its products: they would need administrative access, and that kind of access would allow for far more ...
HOTforSecurity
Load more