TLDR The 90 day responsible disclosure window was built for a world where bug finders were rare and exploit development was slow. That world is gone. LLMs have compressed both timelines to near-zero. I have seen it first hand, and so has everyone else paying…

See how MPC protects data in use by letting distributed machines compute on protected inputs without exposing plaintext to the cloud.

Alt title: Bullying LLMs into submission to find 0days at scale

The instinctive reaction to Mythos is: we need to patch faster. That instinct is understandable. It is also exactly the wrong frame. The real question isn't how many CVEs are in your queue. It's how many of your exposed assets can actually be exploited right…

Raelize provides top-notch embedded device security serrvices like consultancy, testing, research and training.

This is quite a different post as it is not related as usual to Windows vulnerabilities 😉. In the past period, I have been looking into the myAudi connected vehicle platform “Audi Connect and…

AiTM Phishing FIDO2 MFA

Traditional ransomware disrupts organizations by encrypting data and demanding payment for decryption keys. This paper presents a fundamentally different availability attack that achieves the same business disruption without writing a single encrypted byte…

Deploy AI for cyber defense with GPT-5.5 and Codex Security to identify threats, generate patches, and verify remediation across code and systems.

Why do Fortune 10 SOCs with 15 people outpace teams 10x their size? They've stopped using autoregressive LLMs for threat modeling, response, and recovery. Instead,...

Summary An unauthenticated attacker can remotely execute arbitrary code via the CWMP protocol on the ipTIME router. Vendor Response We have tried to reach out to the vendor through multiple channels (email and via KISA) but have not been able to receive any…

On 2026-05-11, an attacker chained a pull_request_target Pwn Request, GitHub Actions cache poisoning across the fork↔base trust boundary, and OIDC token extraction from runner memory to publish 84 malicious versions across 42 @tanstack/* packages on npm.…

yes, as in singular one. Back in April 2026 Anthropic caused a lot of media noise when they concluded that their new AI model Mythos is dangerously good at finding security flaws in source code. Apparently Mythos was so good at this that Anthropic would not…

A hands-on OpenClaw experiment reveals that AI agent security hinges on model quality, showing how prompt injection defenses weaken across cheaper LLM tiers.

AI-assisted vulnerability research is the fuzzer era all over again. Same spike, same plateau. Here is why bug counts are only half the story.

Learn how malicious Claude Code skills can abuse dynamic context commands to execute before model-level prompt injection defenses can intervene.

XBOW discovered CVE-2026-45185, a critical unauthenticated RCE in Exim, and used the disclosure window to test how far human and autonomous exploit development could go.

AI cyberwar autonomous agents are already inside US infrastructure. How nation-states weaponize AI — and what comes next.

258 Vulnerabilities in AI-Generated Code (and a Scanner for All of Them) I saw a post recently listing 20 common vulnerabilities in AI-coded apps. Good list. Also wildly optimistic. I've been using AI coding assistants…

Findings, disclosures, methodology notes — sent into the dark like a PING.