Tag
A Twitter thread discusses how AI has collapsed the cost of finding zero-day vulnerabilities, making high-value exploits available for free on GitHub and fundamentally altering security economics.
An anonymous GitHub account has released a large collection of proof-of-concept exploits for undisclosed 0-day vulnerabilities in numerous popular software packages, including 7zip, Docker, Firefox, FFmpeg, Ghidra, libssh2, Nmap, PHP, and VLC.
A Linux 0-day vulnerability in __ptrace_may_access() allows unprivileged users to read root-owned files like SSH host keys and /etc/shadow. It affects many distros and kernels, with exploits available for ssh-keysign and chage.