#vulnerabilitydisclosure — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vulnerabilitydisclosure, aggregated by home.social.
-
CISA Opens KEV Nominations to Bolster Vulnerability Intelligence
CISA is now accepting nominations for its Known Exploited Vulnerabilities catalog, empowering public reporting to strengthen the nation's cybersecurity posture by quickly identifying and mitigating exploited vulnerabilities. By submitting through the new KEV nomination form, you're helping to keep federal,…
#VulnerabilityDisclosure #KnownExploitedVulnerabilities #Kev #Cisa #VulnerabilityIntelligence
-
https://winbuzzer.com/2026/04/09/windows-zero-day-published-on-github-after-msrc-silence-xcxwbn/
Windows Zero-Day Published on Github as Microsoft Fails to Act
#Microsoft #Windows #WindowsSecurity #Cybersecurity #ZeroDayVulnerabilities #Exploits #Vulnerability #VulnerabilityDisclosure #SecurityResearch #Windows11 #BigTech
-
https://winbuzzer.com/2026/04/09/windows-zero-day-published-on-github-after-msrc-silence-xcxwbn/
Windows Zero-Day Published on Github as Microsoft Fails to Act
#Microsoft #Windows #WindowsSecurity #Cybersecurity #ZeroDayVulnerabilities #Exploits #Vulnerability #VulnerabilityDisclosure #SecurityResearch #Windows11 #BigTech
-
https://winbuzzer.com/2026/04/09/windows-zero-day-published-on-github-after-msrc-silence-xcxwbn/
Windows Zero-Day Published on Github as Microsoft Fails to Act
#Microsoft #Windows #WindowsSecurity #Cybersecurity #ZeroDayVulnerabilities #Exploits #Vulnerability #VulnerabilityDisclosure #SecurityResearch #Windows11 #BigTech
-
https://winbuzzer.com/2026/04/09/windows-zero-day-published-on-github-after-msrc-silence-xcxwbn/
Windows Zero-Day Published on Github as Microsoft Fails to Act
#Microsoft #Windows #WindowsSecurity #Cybersecurity #ZeroDayVulnerabilities #Exploits #Vulnerability #VulnerabilityDisclosure #SecurityResearch #Windows11 #BigTech
-
https://winbuzzer.com/2026/04/09/windows-zero-day-published-on-github-after-msrc-silence-xcxwbn/
Windows Zero-Day Published on Github as Microsoft Fails to Act
#Microsoft #Windows #WindowsSecurity #Cybersecurity #ZeroDayVulnerabilities #Exploits #Vulnerability #VulnerabilityDisclosure #SecurityResearch #Windows11 #BigTech
-
We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :)
Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.
For all we know, the poor agent was not at fault and may not have even been able to witness what was happening.
https://srlabs.de/blog/hacking-ai-agent
#AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure
-
We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :)
Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.
For all we know, the poor agent was not at fault and may not have even been able to witness what was happening.
https://srlabs.de/blog/hacking-ai-agent
#AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure
-
We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :)
Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.
For all we know, the poor agent was not at fault and may not have even been able to witness what was happening.
https://srlabs.de/blog/hacking-ai-agent
#AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure
-
We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :)
Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.
For all we know, the poor agent was not at fault and may not have even been able to witness what was happening.
https://srlabs.de/blog/hacking-ai-agent
#AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure
-
We don't need to hack your AI Agent to hack your AI Agent …and we don't need an AI agent for that either :)
Via a large enterprise's AI assistant, we obtained access to several million Entra identities and all chat logs including attachments — no prompt injection or model tricks required.
For all we know, the poor agent was not at fault and may not have even been able to witness what was happening.
https://srlabs.de/blog/hacking-ai-agent
#AI #AIhacking #VulnerabilityDisclosure #ResponsibleDisclosure
-
Acknowledging Reality in Vulnerability Disclosure.
Every few years, vulnerability disclosure is declared settled. We are told that the ecosystem has matured, that coordinated disclosure is the answer, and that whatever remains outside this model is either irresponsible, obsolete, or simply irrelevant.
🔗 https://www.foo.be/2026/02/Acknowledging-Reality-in-Vulnerability-Disclosure
#vulnerabilitymanagement #gcve #cve #cybersecurity #cvd #vulnerabilitydisclosure #open
This is my bloody personal blog, not an official statement. .
-
PoC exploits are now public for CVE-2025-69258 in Trend Micro Apex Central (on-premise), a vulnerability that could allow unauthenticated RCE on affected systems.
A patch is available, and there are no confirmed exploitation reports so far. Public PoCs, however, tend to accelerate attacker interest.
Follow @technadu for objective and technically grounded infosec updates.
Source: https://www.helpnetsecurity.com/2026/01/08/trend-micro-apex-central-cve-2025-69258-rce-poc/
#Infosec #VulnerabilityDisclosure #PatchManagement #RCE #EnterpriseSecurity #ThreatLandscape
-
PoC exploits are now public for CVE-2025-69258 in Trend Micro Apex Central (on-premise), a vulnerability that could allow unauthenticated RCE on affected systems.
A patch is available, and there are no confirmed exploitation reports so far. Public PoCs, however, tend to accelerate attacker interest.
Follow @technadu for objective and technically grounded infosec updates.
Source: https://www.helpnetsecurity.com/2026/01/08/trend-micro-apex-central-cve-2025-69258-rce-poc/
#Infosec #VulnerabilityDisclosure #PatchManagement #RCE #EnterpriseSecurity #ThreatLandscape
-
PoC exploits are now public for CVE-2025-69258 in Trend Micro Apex Central (on-premise), a vulnerability that could allow unauthenticated RCE on affected systems.
A patch is available, and there are no confirmed exploitation reports so far. Public PoCs, however, tend to accelerate attacker interest.
Follow @technadu for objective and technically grounded infosec updates.
Source: https://www.helpnetsecurity.com/2026/01/08/trend-micro-apex-central-cve-2025-69258-rce-poc/
#Infosec #VulnerabilityDisclosure #PatchManagement #RCE #EnterpriseSecurity #ThreatLandscape
-
PoC exploits are now public for CVE-2025-69258 in Trend Micro Apex Central (on-premise), a vulnerability that could allow unauthenticated RCE on affected systems.
A patch is available, and there are no confirmed exploitation reports so far. Public PoCs, however, tend to accelerate attacker interest.
Follow @technadu for objective and technically grounded infosec updates.
Source: https://www.helpnetsecurity.com/2026/01/08/trend-micro-apex-central-cve-2025-69258-rce-poc/
#Infosec #VulnerabilityDisclosure #PatchManagement #RCE #EnterpriseSecurity #ThreatLandscape
-
Check out ˗ˏˋ ⭒ https://lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.
I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡
So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -
Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?
Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.
This work explores:
⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
⤇ 2• Dependency-aware and compound vulnerability impact assessment
⤇ 3• Correlating classical CVSS with AI-specific threat vectors
⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teamsThe core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.
I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.
P.S.
- Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
- ... and GoogleLM. These slides would have taken me forever to make otherwise.
Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security
https://www.linkedin.com/feed/update/urn:li:activity:7409399623087370240
-
Check out ˗ˏˋ ⭒ https://lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.
I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡
So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -
Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?
Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.
This work explores:
⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
⤇ 2• Dependency-aware and compound vulnerability impact assessment
⤇ 3• Correlating classical CVSS with AI-specific threat vectors
⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teamsThe core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.
I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.
P.S.
- Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
- ... and GoogleLM. These slides would have taken me forever to make otherwise.
Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security
https://www.linkedin.com/feed/update/urn:li:activity:7409399623087370240
-
Check out ˗ˏˋ ⭒ https://lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.
I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡
So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -
Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?
Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.
This work explores:
⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
⤇ 2• Dependency-aware and compound vulnerability impact assessment
⤇ 3• Correlating classical CVSS with AI-specific threat vectors
⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teamsThe core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.
I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.
P.S.
- Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
- ... and GoogleLM. These slides would have taken me forever to make otherwise.
Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security
https://www.linkedin.com/feed/update/urn:li:activity:7409399623087370240
-
Check out ˗ˏˋ ⭒ https://lnkd.in/gE2wUqgc ⭒ ˎˊ˗ to see my intro whilst you listen.
I'm thus re-naming this work as "CVE Keeper - Security at x+1; rethinking vulnerability management beyond CVSS & scanners". I must also thank @andrewpollock for reviewing several of my verbose drafts. 🫡
So, Security at x+1; rethinking vulnerability management beyond CVSS & scanners -
Most vulnerability tooling today is optimized for disclosure and alert volume, not for making correct decisions on real systems. CVEs arrive faster than teams can evaluate them, scores are generic, context arrives late, and we still struggle to answer the only question that matters: does this actually put my system at risk right now?
Over the last few years working close to CVE lifecycle automation, I’ve been designing an open architecture that treats vulnerability management as a continuous, system-specific reasoning problem rather than a static scoring task. The goal is to assess impact on the same day for 0-days using minimal upstream data, refine accuracy over time as context improves, reason across dependencies and compound vulnerabilities, and couple automation with explicit human verification instead of replacing it.
This work explores:
⤇ 1• Same-day triage of newly disclosed and 0-day vulnerabilities
⤇ 2• Dependency-aware and compound vulnerability impact assessment
⤇ 3• Correlating classical CVSS with AI-specific threat vectors
⤇ 4• Reducing operational noise, unnecessary reboots, and security burnout
⤇ 5• Making high-quality vulnerability intelligence accessible beyond enterprise teamsThe core belief is simple: most security failures come from misjudged impact, not missed vulnerabilities. Accuracy, context, and accountability matter more than volume.
I’m sharing this to invite feedback from folks working in CVE, OSV, vulnerability disclosure, AI security, infra, and systems research. Disagreement and critique are welcome. This problem affects everyone, and I don’t think incremental tooling alone will solve it.
P.S.
- Super appreciate everyone that's spent time reviewing my drafts and reading all my essays lol. I owe you 🫶🏻
- ... and GoogleLM. These slides would have taken me forever to make otherwise.
Take my CVE-data User Survey to allow me to tailor your needs into my design - lnkd.in/gcyvnZeE
See more at - lnkd.in/gGWQfBW5
lnkd.in/gE2wUqgc#VulnerabilityManagement #Risk #ThreatModeling #CVE #CyberSecurity #Infosec #VulnerabilityManagement #ThreatIntelligence #ApplicationSecurity #SecurityOperations #ZeroDay #RiskManagement #DevSecOps #CVE #CVEAnalysis #VulnerabilityDisclosure #SecurityData #CVSS #VulnerabilityAssessment #PatchManagement #AI #AIML #AISecurity #MachineLearning #AIThreats #AIinSecurity #SecureAI #OSS #Rust #ZeroTrust #Security
https://www.linkedin.com/feed/update/urn:li:activity:7409399623087370240
-
Why vulnerability reports stall inside shared hosting companies https://www.helpnetsecurity.com/2025/12/17/hosting-provider-vulnerability-notifications-remediation/ #vulnerabilitydisclosure #vulnerabilitymanagement #cybersecurity #Don'tmiss #Features #Hotstuff #research #strategy #News #tips
-
OIG Audit Finds Commerce Department Failing to Fully Secure Public-Facing Systems https://thecyberexpress.com/vdp-oig-audit-cybersecurity/ #VulnerabilityDisclosure #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CyberNews #CISA #OIG #VDP
-
OIG Audit Finds Commerce Department Failing to Fully Secure Public-Facing Systems https://thecyberexpress.com/vdp-oig-audit-cybersecurity/ #VulnerabilityDisclosure #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CyberNews #CISA #OIG #VDP
-
OIG Audit Finds Commerce Department Failing to Fully Secure Public-Facing Systems https://thecyberexpress.com/vdp-oig-audit-cybersecurity/ #VulnerabilityDisclosure #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CyberNews #CISA #OIG #VDP
-
OIG Audit Finds Commerce Department Failing to Fully Secure Public-Facing Systems https://thecyberexpress.com/vdp-oig-audit-cybersecurity/ #VulnerabilityDisclosure #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CyberNews #CISA #OIG #VDP
-
A 21-year-old cybersecurity entrepreneur in Russia has been arrested on treason charges, reportedly after publicly criticizing the Max messaging platform and raising concerns about new anti-cybercrime legislation.
With the case classified, details remain unclear - but the situation underscores the challenges faced by researchers operating in tightly regulated environments.
💬 What protections should security researchers have?
Follow @technadu for continuous global InfoSec coverage.#InfoSec #Cybersecurity #DigitalRights #SecurityResearch #VulnerabilityDisclosure #TechNews
-
What happens when vulnerability scores fall apart? https://www.helpnetsecurity.com/2025/11/24/sonatype-vulnerability-scoring-gaps-report/ #vulnerabilitydisclosure #softwaredevelopment #cybersecurity #opensource #Sonatype #report #News #risk #CVE
-
https://www.europesays.com/uk/584186/ ENISA named CVE program root, expanding its role in EU vulnerability coordination #CyberResilienceAct #ENISA #EU #EUCSIRTs #Europe #European #EuropeanUnion #EuropeanVulnerabilityDatabase #manufacturing #NIS2Directive #ProductSecurity #SingleReportingPlatform #vulnerabilities #VulnerabilityDisclosure
-
ENISA named CVE program root, expanding its role in EU vulnerability coordination https://www.byteseu.com/1559880/ #CyberResilienceAct #ENISA #EUCSIRTs #Europe #EuropeanVulnerabilityDatabase #Manufacturing #NIS2Directive #ProductSecurity #SingleReportingPlatform #vulnerabilities #VulnerabilityDisclosure
-
Testing out the new author attribution feature: https://skyplabs.com/posts/xss-iban-secured-transfer/
#Security #Web #WebSecurity #XSS #VulnerabilityDisclosure #Notary #Mastodon #Fediverse
-
When two firms uncover the same flaw, who really deserves the credit? A battle between FuzzingLabs and Gecko Security is shaking up CVE attribution—and it might change the game for cybersecurity. Read the full story.
#vulnerabilitydisclosure
#cvecredit
#cybersecurityethics
#infosec
#securityresearch -
When two firms uncover the same flaw, who really deserves the credit? A battle between FuzzingLabs and Gecko Security is shaking up CVE attribution—and it might change the game for cybersecurity. Read the full story.
#vulnerabilitydisclosure
#cvecredit
#cybersecurityethics
#infosec
#securityresearch -
When two firms uncover the same flaw, who really deserves the credit? A battle between FuzzingLabs and Gecko Security is shaking up CVE attribution—and it might change the game for cybersecurity. Read the full story.
#vulnerabilitydisclosure
#cvecredit
#cybersecurityethics
#infosec
#securityresearch -
When two firms uncover the same flaw, who really deserves the credit? A battle between FuzzingLabs and Gecko Security is shaking up CVE attribution—and it might change the game for cybersecurity. Read the full story.
#vulnerabilitydisclosure
#cvecredit
#cybersecurityethics
#infosec
#securityresearch -
How to get better results from bug bounty programs without wasting money https://www.helpnetsecurity.com/2025/10/07/bug-bounty-rewards-better-results/ #vulnerabilitydisclosure #AltaAssociates #cybersecurity #Don'tmiss #bugbounty #Intigriti #Features #Hotstuff #strategy #UpCloud #Google #News #CISO #tips
-
How to get better results from bug bounty programs without wasting money https://www.helpnetsecurity.com/2025/10/07/bug-bounty-rewards-better-results/ #vulnerabilitydisclosure #AltaAssociates #cybersecurity #Don'tmiss #bugbounty #Intigriti #Features #Hotstuff #strategy #UpCloud #Google #News #CISO #tips
-
How to get better results from bug bounty programs without wasting money https://www.helpnetsecurity.com/2025/10/07/bug-bounty-rewards-better-results/ #vulnerabilitydisclosure #AltaAssociates #cybersecurity #Don'tmiss #bugbounty #Intigriti #Features #Hotstuff #strategy #UpCloud #Google #News #CISO #tips
-
How to get better results from bug bounty programs without wasting money https://www.helpnetsecurity.com/2025/10/07/bug-bounty-rewards-better-results/ #vulnerabilitydisclosure #AltaAssociates #cybersecurity #Don'tmiss #bugbounty #Intigriti #Features #Hotstuff #strategy #UpCloud #Google #News #CISO #tips
-
Ruckus network management solutions riddled with unpatched vulnerabilities https://www.helpnetsecurity.com/2025/07/10/ruckus-network-management-solutions-riddled-with-unpatched-vulnerabilities/ #CarnegieMellonUniversity #vulnerabilitydisclosure #RuckusNetworks #vulnerability #networking #Don'tmiss #Hotstuff #wireless #Claroty #News
-
Critical vulnerabilities exploited! Learn how to protect your networks. #VulnerabilityDisclosure #FirmwareSecurity #MitigationStrategies https://redoracle.com/News/Critical-Exploited-Vulnerabilities-Threatening-Networks.html
-
CISA: Recently fixed Chrome vulnerability exploited in the wild (CVE-2025-4664) https://www.helpnetsecurity.com/2025/05/16/cisa-recently-fixed-chrome-vulnerability-exploited-in-the-wild-cve-2025-4664/ #vulnerabilitydisclosure #securityupdate #MicrosoftEdge #vulnerability #Don'tmiss #Hotstuff #Chrome #Google #News #CISA
-
@sergedroz @gcve Hello, thank you for your question.
Both OVR and GCVE share the same goal: strengthening global vulnerability coordination.
However, from what I understand, GCVE is still based on individual instances that could fail without true redundancy.
Additionally, GCVE is maybe not really neutral due to its structure and affiliations.OVR is developing a fully decentralized and resilient concept — not just for vulnerabilities, but also preparing for SBOM integration and considering upcoming legal requirements (e.g., cybersecurity regulations).
Our vision is an open, neutral, and community-based ecosystem that can survive political risks, technical outages, and grow sustainably with the global community.
Further information will follow in the next few days.
#CyberSecurity #VulnerabilityDisclosure #Decentralization #SBOM #OpenStandards #OVRFoundation #Resilience #DigitalSecurity
#CVE #OVR #GCVE #security #it #community -
@sergedroz @gcve Hello, thank you for your question.
Both OVR and GCVE share the same goal: strengthening global vulnerability coordination.
However, from what I understand, GCVE is still based on individual instances that could fail without true redundancy.
Additionally, GCVE is maybe not really neutral due to its structure and affiliations.OVR is developing a fully decentralized and resilient concept — not just for vulnerabilities, but also preparing for SBOM integration and considering upcoming legal requirements (e.g., cybersecurity regulations).
Our vision is an open, neutral, and community-based ecosystem that can survive political risks, technical outages, and grow sustainably with the global community.
Further information will follow in the next few days.
#CyberSecurity #VulnerabilityDisclosure #Decentralization #SBOM #OpenStandards #OVRFoundation #Resilience #DigitalSecurity
#CVE #OVR #GCVE #security #it #community -
@sergedroz @gcve Hello, thank you for your question.
Both OVR and GCVE share the same goal: strengthening global vulnerability coordination.
However, from what I understand, GCVE is still based on individual instances that could fail without true redundancy.
Additionally, GCVE is maybe not really neutral due to its structure and affiliations.OVR is developing a fully decentralized and resilient concept — not just for vulnerabilities, but also preparing for SBOM integration and considering upcoming legal requirements (e.g., cybersecurity regulations).
Our vision is an open, neutral, and community-based ecosystem that can survive political risks, technical outages, and grow sustainably with the global community.
Further information will follow in the next few days.
#CyberSecurity #VulnerabilityDisclosure #Decentralization #SBOM #OpenStandards #OVRFoundation #Resilience #DigitalSecurity
#CVE #OVR #GCVE #security #it #community -
@sergedroz @gcve Hello, thank you for your question.
Both OVR and GCVE share the same goal: strengthening global vulnerability coordination.
However, from what I understand, GCVE is still based on individual instances that could fail without true redundancy.
Additionally, GCVE is maybe not really neutral due to its structure and affiliations.OVR is developing a fully decentralized and resilient concept — not just for vulnerabilities, but also preparing for SBOM integration and considering upcoming legal requirements (e.g., cybersecurity regulations).
Our vision is an open, neutral, and community-based ecosystem that can survive political risks, technical outages, and grow sustainably with the global community.
Further information will follow in the next few days.
#CyberSecurity #VulnerabilityDisclosure #Decentralization #SBOM #OpenStandards #OVRFoundation #Resilience #DigitalSecurity
#CVE #OVR #GCVE #security #it #community -
@sergedroz @gcve Hello, thank you for your question.
Both OVR and GCVE share the same goal: strengthening global vulnerability coordination.
However, from what I understand, GCVE is still based on individual instances that could fail without true redundancy.
Additionally, GCVE is maybe not really neutral due to its structure and affiliations.OVR is developing a fully decentralized and resilient concept — not just for vulnerabilities, but also preparing for SBOM integration and considering upcoming legal requirements (e.g., cybersecurity regulations).
Our vision is an open, neutral, and community-based ecosystem that can survive political risks, technical outages, and grow sustainably with the global community.
Further information will follow in the next few days.
#CyberSecurity #VulnerabilityDisclosure #Decentralization #SBOM #OpenStandards #OVRFoundation #Resilience #DigitalSecurity
#CVE #OVR #GCVE #security #it #community -
🛡️ Something special is coming soon.
The OVR Foundation is launching its website shortly.
We’re building an open, decentralized standard for vulnerability reporting — because global security should never rely on one country or institution.
Stay tuned and follow. A more resilient future starts here.
#CyberSecurity #OpenStandards #DecentralizedWeb #OVR #FOSS #VulnerabilityDisclosure #InfoSec #Fediverse #CVE #Mitre #Vulnerability #decentralized
-
🛡️ Something special is coming soon.
The OVR Foundation is launching its website shortly.
We’re building an open, decentralized standard for vulnerability reporting — because global security should never rely on one country or institution.
Stay tuned and follow. A more resilient future starts here.
#CyberSecurity #OpenStandards #DecentralizedWeb #OVR #FOSS #VulnerabilityDisclosure #InfoSec #Fediverse #CVE #Mitre #Vulnerability #decentralized
-
Funding uncertainty may spell the end of MITRE’s CVE program https://www.helpnetsecurity.com/2025/04/16/funding-uncertainty-may-spell-the-end-of-mitres-cve-program/ #vulnerabilitydisclosure #vulnerabilitymanagement #CardinalOps #Don'tmiss #VulnCheck #Hotstuff #Edera #MITRE #News #CVE
-
Funding uncertainty may spell the end of MITRE’s CVE program https://www.helpnetsecurity.com/2025/04/16/funding-uncertainty-may-spell-the-end-of-mitres-cve-program/ #vulnerabilitydisclosure #vulnerabilitymanagement #CardinalOps #Don'tmiss #VulnCheck #Hotstuff #Edera #MITRE #News #CVE