#cves — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cves, aggregated by home.social.
-
Resulting from funding gaps and idiotic shifts in priorities, the U.S.A. is now woefully underinvesting in our core CyberDefense Ecosystem....
The National Institute of Standards and Technology (NIST) is no longer enhancing all Common Vulnerabilities and Exposures (CVEs) with analysis and severity indicators; instead, NIST will prioritize enriching a much narrower set of security vulnerabilities.
Related: In April 2025, a funding gap in DHS appropriations threatened to cease CVE operations entirely, which would have created systemic risk for global vulnerability management. An emergency funding extension was implemented to avoid a full-on crisis. https://www.justsecurity.org/136914/nist-cant-keep-up/ #NIST #MITRE #CVEs #NVD #Security #Risk #CyberSecurity #CyberDefence #CyberInfrastructure #AI #AISecurity #CISA #DHS #Vulnerability #ThreatIntelligence
-
🚨 OMG, #dnsmasq is exploding! 🚨 In a shocking twist of fate, CERT drops six #CVEs on lazy vendors who didn't realize their software was a ticking time bomb. Apparently, "longstanding bugs" means "we've ignored this for years, but now it's an emergency" 😂.
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html #cybersecurity #softwarebugs #vendorresponsibility #emergencyfix #HackerNews #ngated -
CERT is releasing six CVEs for serious security vulnerabilities in dnsmasq
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html
#HackerNews #CERT #CVEs #dnsmasq #security #vulnerabilities #cybersecurity #patches
-
Non-determinism is an issue with patching CVEs
https://flox.dev/blog/achieving-rapid-cve-remediation-in-an-era-of-escalating-vulnerabilities/
#HackerNews #Non-determinism #CVEs #patching #vulnerabilities #security #software #development
-
Ah, #Rust, the golden child of #programming languages that was supposed to eradicate #bugs like a magic wand. 🪄✨ Yet here we are, in 2026, discovering that even the mighty Rust can't catch everything — 44 #CVEs worth in a single audit! 🤦♂️ Apparently, the real bug is believing any language is infallible. 🐛🔍
https://corrode.dev/blog/bugs-rust-wont-catch/ #SoftwareDevelopment #Infallibility #HackerNews #ngated -
40,000+ CVEs in a year. For many teams, #Kubernetes has turned into a vulnerability battlefield. @cat_edelveis explains why chasing #CVEs doesn’t scale—and what to do instead.
Learn how to move from noise to controlled risk: https://javapro.io/2026/04/14/modernizing-production-containers-to-resist-the-constant-cve-flow/
#DevOps @kubernetesio
-
130 new #CVEs are disclosed every day.
Learn how to filter out the 95% of "noise" and focus on vulnerabilities that are actually exploitable in production.
Check out the latest guest blog from Jonas Rosland (Sysdig)
-
Hundreds of #CVEs per scan. Tickets piling up. Teams start ignoring alerts. This isn’t a tooling issue—it’s a system design problem. Catherine Edelveis shows how to reduce CVE noise with hardened base images. See how to regain control: https://javapro.io/2026/04/14/modernizing-production-containers-to-resist-the-constant-cve-flow/
#DevOps @Docker
-
While many organizations have mastered pre-deployment scanning, a massive blind spot remains: post-deployment vulnerability detection. As Tracy Ragan explains in her latest blog, software that is secure at release can become vulnerable as new #CVEs are disclosed.
https://openssf.org/blog/2026/04/03/rethinking-post-deployment-vulnerability-detection/
-
Time for a #rescue mission at #JCON2026 🚨
Your #Java container image is bloated, full of #CVEs, and one bad base image away from disaster?
Catherine Edelveis shows how to shrink, pin, scan and sign your images in 45 minutes.
https://youtube.com/shorts/TH5tVysKO4A
🎟️https://2026.europe.jcon.one/tickets -
This looks like a genuinely good and very impressive use of “AI” in security research – I’m leaving the air quotes in place at the moment since I haven’t been able to find much detail on how the system actually operates. #AISLE describes it as an “autonomous analyser” and “the world’s first #AI-native Cyber Reasoning System (CRS) for vulnerability management” 🙄
I’m pretty sure it’s not just spicy autocarrot though, possibly a mix of deep learning or other machine learning techniques (things that I think of as part of “traditional” AI research) with a sprinkling of LLM on top for “natural language” capabilities (and it’s possible that they’re leaning into “AI” as a descriptor to assign to the current hype cycle rather than calling it “machine learning” but ¯\_(ツ)_/¯ )
What AI Security Research Looks Like When It Works
“In the latest #OpenSSL security release on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure) were announced. Our AI system is responsible for the original discovery of all twelve, each found and responsibly disclosed to the OpenSSL team during the fall and winter of 2025. Of those, 10 were assigned #CVE-2025 identifiers and 2 received CVE-2026 identifiers. Adding the 10 to the three we already found in the Fall 2025 release, AISLE is credited for surfacing 13 of 14 OpenSSL #CVEs assigned in 2025, and 15 total across both releases. This is a historically unusual concentration for any single research team, let alone an AI-driven one.
These weren't trivial findings either. They included CVE-2025-15467, a stack buffer overflow in CMS message parsing that's potentially remotely exploitable without valid key material, and exploits for which have been quickly developed online. OpenSSL rated it HIGH severity; NIST's CVSS v3 score is 9.8 out of 10 (CRITICAL, an extremely rare severity rating for such projects). Three of the bugs had been present since 1998-2000, for over a quarter century having been missed by intense machine and human effort alike. One predated OpenSSL itself, inherited from #EricYoung's original #SSLeay implementation in the 1990s. All of this in a codebase that has been fuzzed for millions of CPU-hours and audited extensively for over two decades by teams including Google's.
In five of the twelve cases, our AI system directly proposed the patches that were accepted into the official release.”
https://aisle.com/blog/what-ai-security-research-looks-like-when-it-works
-
80 percent is the new 100: Strategic risk prioritization (#Risikopriorisierung) of IT vulnerabilities (#Schwachstellen) is going to be the credo in future, if it isn't already.
A new forecast from the international network #FIRST (Forum of Incident Response and Security Teams) indicates that in 2026, for the first time, over 50,000 new #CVEs will be published.
In #Cybersecurity management it will therefore matter much more in future to prioritize the gaps that are actually relevant:
https://www.first.org/blog/20260211-vulnerability-forecast-2026
-
🚨 BREAKING: The #Svelte ecosystem is under attack... by five whole CVEs! 😱 Quick, #upgrade your packages before your code spontaneously combusts! 🔥 Because who doesn't love an #urgent #patch party? 🎉
https://svelte.dev/blog/cves-affecting-the-svelte-ecosystem #CVEs #cybersecurity #party #HackerNews #ngated -
The illustrious Greg KH finally reveals the mystical sorcery behind Linux kernel #security 🎩✨, because who doesn't love a riveting saga about #CVEs that nobody asked for 🤷♂️? Watch as he valiantly attempts to explain the unknowable to the already uninterested—again. 💤🔐
http://www.kroah.com/log/blog/2026/01/02/linux-kernel-security-work/ #LinuxKernel #GregKH #OpenSource #TechHumor #HackerNews #ngated -
Ally Petitt: Youngest OSCP at 16yo. Over 11 CVEs by 18
https://ally-petitt.com/en/posts/2024-05-07_how-i-became-a-hacker-before-i-finished-high-school/
#HackerNews #AllyPetitt #YoungestOSCP #Cybersecurity #CVEs #HackerNews
-
https://bun.com/docs/install/security-scanner-api - use #Bun's package scanner to protect against known #CVEs during `bun add` and `bun install`
-
Patch-aware and why you should care! Yes, it rhymes, and yes, it matters. Check out my new #TuxCare blog about Radar vulnerability scanning! https://tuxcare.com/blog/what-is-patch-aware-and-why-should-you-care/
#TuxCareRadar #CVEs -
Regolith – Regex library that prevents ReDoS CVEs in TypeScript
https://github.com/JakeRoggenbuck/regolith
#HackerNews #Regolith #Regex #TypeScript #ReDoS #CVEs #OpenSource
-
Palo Alto: “LOL, we fixed 24 vulns in a random Tuesday update with no CVE alert. Why are you panicking?”
https://security.paloaltonetworks.com/PAN-SA-2025-0012
- No alerts
- No heads-up
Just a stealth patch buried in the advisory feed.
The stats:
- 24 total CVEs
- 11 High, 11 Medium
- 100% discovered externally
- Average patch delay: 4 FUCKING years for high severity
All bundled into one advisory.
Welcome to the Patch Gacha Machine:
Spin once, fix 24 vulnerabilities (maybe).
PAN CVEs age like wine… and compromise like whiskey.
#PANOS #CyberSecurity #CVEs #PatchAndPray #SilentFixes #PSIRTFail #MemeSec #BlueTeamLife #TrustButVerify
-
CISA Adds One Known Exploited Vulnerability to Catalog https://www.cisa.gov/news-events/alerts/2025/07/18/cisa-adds-one-known-exploited-vulnerability-catalog
-
Ah, the eternal struggle of transforming core dumps into a never-ending flow of #CVEs 😱. LWN.net bravely tackles this "urgent" issue with their subscriber-only content because nothing screams #exclusivity like bug reports 🤦♂️. Remember, dear reader, subscribing might just be the key to unlocking the secrets of dump management! 💼✨
https://lwn.net/SubscriberLink/1024160/f18b880c8cd1eef1/ #coreDumps #LWNnet #bugReports #subscriberContent #HackerNews #ngated -
Slowing the flow of core-dump-related CVEs
https://lwn.net/SubscriberLink/1024160/f18b880c8cd1eef1/
#HackerNews #Slowing #the #flow #of #core-dump-related #CVEs #cybersecurity #CVEs #core-dump #security #vulnerabilities #HackerNews