Sean Heelan discovered a critical zero-day vulnerability, CVE-2025-37899 in the Linux kernel's ksmbd module using OpenAI's o3 language model. This marks one of the first instances where a large language model has independently identified a complex kernel-level security flaw.
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
https://sean.heelan.io/2025/05/22/how-i-used-o3-to-find-cve-2025-37899-a-remote-zeroday-vulnerability-in-the-linux-kernels-smb-implementation/
Sean Heelan's Blog
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API ̵…
Trending CVEs on 28/5/25:
CVE-2024-13946 / ABB Cylon / Binary Planting
CVE-2025-2636 / Wordpress / Local File Inclusion
CVE-2025-24118 / MacOS / Race Condition
CVE-2025-32756 / Fortinet / Stack Overflow
Learn More:
https://vedas.arpsyndicate.io
CVE-2024-13946 / ABB Cylon / Binary Planting
CVE-2025-2636 / Wordpress / Local File Inclusion
CVE-2025-24118 / MacOS / Race Condition
CVE-2025-32756 / Fortinet / Stack Overflow
Learn More:
https://vedas.arpsyndicate.io
In late October 2024, GTIG identified a compromised government website being used to distribute malware targeting multiple other government organizations. This site delivered a malware strain named TOUGHPROGRESS which utilized Google Calendar as a command and control (C2) mechanism.
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics
Google Cloud Blog
Mark Your Calendar: APT41 Innovative Tactics | Google Cloud Blog
❤1
Trending CVEs on 29/5/25:
CVE-2021-43883 / Microsoft Windows / Privilege Escalation
CVE-2023-38879 / openSIS / Path Traversal
CVE-2024-51211 / openSIS / SQL Injection
CVE-2025-46176 / D-Link / Hardcoded Credentials
Learn More:
https://vedas.arpsyndicate.io
CVE-2021-43883 / Microsoft Windows / Privilege Escalation
CVE-2023-38879 / openSIS / Path Traversal
CVE-2024-51211 / openSIS / SQL Injection
CVE-2025-46176 / D-Link / Hardcoded Credentials
Learn More:
https://vedas.arpsyndicate.io
Using KEV or EPSS? Time to try VEDAS.
This webinar exposes the limitations of CISA KEV and FIRST EPSS, and introduces you to a leading prioritization standard: real-time, firsthand exploit intelligence from VEDAS.
Designed to see what the others miss, VEDAS gives security teams early warning on exploitable vulnerabilities that haven't hit the KEV or EPSS radar yet.
You'll Learn:
1. Why KEV and EPSS are failing your prioritization strategy
2. What makes VEDAS different: early warning, greater coverage, and expertise
3. How to integrate VEDAS via Exploit Observer API within your SOC or VM workflow
Who Should Attend:
CISOs, Threat Intel Analysts, Vulnerability Managers, SOC Leads, and anyone tired of relying on stale vulnerability intel.
Duration: 40 minutes + Q&A
Date & Time: To be communicated via Email
Register: https://webinar.arpsyndicate.io
This webinar exposes the limitations of CISA KEV and FIRST EPSS, and introduces you to a leading prioritization standard: real-time, firsthand exploit intelligence from VEDAS.
Designed to see what the others miss, VEDAS gives security teams early warning on exploitable vulnerabilities that haven't hit the KEV or EPSS radar yet.
You'll Learn:
1. Why KEV and EPSS are failing your prioritization strategy
2. What makes VEDAS different: early warning, greater coverage, and expertise
3. How to integrate VEDAS via Exploit Observer API within your SOC or VM workflow
Who Should Attend:
CISOs, Threat Intel Analysts, Vulnerability Managers, SOC Leads, and anyone tired of relying on stale vulnerability intel.
Duration: 40 minutes + Q&A
Date & Time: To be communicated via Email
Register: https://webinar.arpsyndicate.io
Why VEDAS Beats KEV & EPSS?
Well, VEDAS is powered by the world’s largest vulnerability and exploit database.
KEV is reactive. EPSS is probabilistic.
VEDAS is proactive, intelligent, autonomous and built for real-world defense.
Join us to see how VEDAS changes the vulnerability management game.
https://webinar.arpsyndicate.io
#CyberSecurity #ThreatIntel #VulnIntel #VulnerabilityManagement #DFIR #InfoSec #Tech #Technology
Well, VEDAS is powered by the world’s largest vulnerability and exploit database.
KEV is reactive. EPSS is probabilistic.
VEDAS is proactive, intelligent, autonomous and built for real-world defense.
Join us to see how VEDAS changes the vulnerability management game.
https://webinar.arpsyndicate.io
#CyberSecurity #ThreatIntel #VulnIntel #VulnerabilityManagement #DFIR #InfoSec #Tech #Technology
❤1
EPSS IS A LAGGING INDICATOR.
That’s where VEDAS steps ahead.
VEDAS is designed to proactively identify exploitable vulnerabilities before they hit mainstream threat intelligence feeds like KEV or EPSS.
https://github.com/ARPSyndicate/cve-scores
By leveraging the world’s largest vulnerability and exploit database, VEDAS provides early warning and a broader, more forward-looking perspective.
Register now for our exclusive webinar to discover more:
https://webinar.arpsyndicate.io
That’s where VEDAS steps ahead.
VEDAS is designed to proactively identify exploitable vulnerabilities before they hit mainstream threat intelligence feeds like KEV or EPSS.
https://github.com/ARPSyndicate/cve-scores
By leveraging the world’s largest vulnerability and exploit database, VEDAS provides early warning and a broader, more forward-looking perspective.
Register now for our exclusive webinar to discover more:
https://webinar.arpsyndicate.io
CFP Directory: Connect speakers with events and help organizers find the perfect speakers. A dual-purpose platform for the entire tech community - https://cfp.directory
Whether you're a speaker looking for your next opportunity or an organizer seeking the perfect lineup, CFP Directory has everything you need to succeed - https://cfp.directory/features
Upcoming Events:
Out Of The Box | Bangkok - https://cfp.directory/events/out-of-the-box-bangkok-2025
Whether you're a speaker looking for your next opportunity or an organizer seeking the perfect lineup, CFP Directory has everything you need to succeed - https://cfp.directory/features
Upcoming Events:
Out Of The Box | Bangkok - https://cfp.directory/events/out-of-the-box-bangkok-2025
This media is not supported in your browser
VIEW IN TELEGRAM
Another bleeding-edge version of VEDAS is out now 🎉🥳
Many network-exploitable vulnerabilities, such as CVE-2025-47188, remains delayed, poorly documented and lack meaningful enrichment. Despite being actively exploited since May 2025, this vulnerability is still not enriched by NVD, EPSS or proprietary vulnerability databases.
VEDAS can be used for Mining Exploit Intelligence linked to vulnerability identifiers like CVE, EUVD, CNNVD, and BDU and can be helpful in developing custom Nuclei templates and extending its coverage, supporting the growing community of security teams, researchers, and ASM providers.
Read More: https://www.osintteam.com/mining-exploit-intelligence-to-develop-custom-nuclei-templates-for-cve-euvd-cnnvd-bdu/
Many network-exploitable vulnerabilities, such as CVE-2025-47188, remains delayed, poorly documented and lack meaningful enrichment. Despite being actively exploited since May 2025, this vulnerability is still not enriched by NVD, EPSS or proprietary vulnerability databases.
VEDAS can be used for Mining Exploit Intelligence linked to vulnerability identifiers like CVE, EUVD, CNNVD, and BDU and can be helpful in developing custom Nuclei templates and extending its coverage, supporting the growing community of security teams, researchers, and ASM providers.
Read More: https://www.osintteam.com/mining-exploit-intelligence-to-develop-custom-nuclei-templates-for-cve-euvd-cnnvd-bdu/
On 9th August 2018, the concept of Exploit/Exploitation Prediction was first introduced at BlackHat, followed by the publication of its first paper on 30th August 2019. EPSS initially prioritized mass exploitation indicators over concrete exploit evidence. While recent updates have added exploit data, these rely on only a handful of sources, resulting in narrow coverage, a lot of false negatives, and delayed recognition of active threats.
Moreover, EPSS and similar systems still lack the ability to fully interpret exploit intelligence. They cannot reliably or autonomously map exploits to CVEs with sufficient accuracy, which limits their real-world effectiveness. VEDAS provides a far more reliable alternative to EPSS. Unlike EPSS, VEDAS does not attempt to predict future exploitation; instead, it estimates the prevalence of a vulnerability identifier and the maturity of its associated exploits.
It has now been five years since the idea of using a score to “predict” or “estimate” the likelihood of CVE exploitation within the next 30 days was proposed—though. Till this date, there is no evidence explaining how or why this 30-day timeframe was chosen or supporting if these prediction, that is just based on mass exploitation and public exploits, can actually be validated by the cybersecurity community as factor that can predict exploitation before mass exploitation trend or exploits appear. Hence, from the outset, we have consistently cautioned against this predictive narrative.
Register for our upcoming webinar to learn more:
https://webinar.arpsyndicate.io
Moreover, EPSS and similar systems still lack the ability to fully interpret exploit intelligence. They cannot reliably or autonomously map exploits to CVEs with sufficient accuracy, which limits their real-world effectiveness. VEDAS provides a far more reliable alternative to EPSS. Unlike EPSS, VEDAS does not attempt to predict future exploitation; instead, it estimates the prevalence of a vulnerability identifier and the maturity of its associated exploits.
It has now been five years since the idea of using a score to “predict” or “estimate” the likelihood of CVE exploitation within the next 30 days was proposed—though. Till this date, there is no evidence explaining how or why this 30-day timeframe was chosen or supporting if these prediction, that is just based on mass exploitation and public exploits, can actually be validated by the cybersecurity community as factor that can predict exploitation before mass exploitation trend or exploits appear. Hence, from the outset, we have consistently cautioned against this predictive narrative.
Register for our upcoming webinar to learn more:
https://webinar.arpsyndicate.io
❤3