Topic: responsible disclosure

  • Security Firms Clash Over CVE Credit Claims

    FuzzingLabs accuses Gecko Security of copying their vulnerability discoveries and proof-of-concept exploits, including backdating blog posts to claim credit for CVEs like CVE-2025-51471 and CVE-2025-48889. Gecko Security denies intentional misconduct, attributing the overlap to parallel research ...

  • Radware Exposes Critical ChatGPT Zero-Click Vulnerability

    Radware discovered "ShadowLeak," a zero-click vulnerability in ChatGPT's Deep Research agent that autonomously extracts sensitive data from OpenAI's cloud servers without user interaction. The exploit allows attackers to trigger a data breach simply by sending an email, as the AI agent processes ...

  • UK NCSC Backs Public Disclosure of AI Security Flaws

    UK cybersecurity and AI authorities advocate for crowdsourced initiatives to identify and address AI vulnerabilities, emphasizing the rising risks from malicious exploitation of advanced platforms. In response to AI system breaches, developers have launched bug bounty programs to incentivize ethi...

  • Critical Docker Desktop Flaw Exposes Windows Hosts to Hijacking

    A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS allows attackers to compromise the host system by executing malicious containers, bypassing the Enhanced Container Isolation feature. The flaw enables unauthorized access to host files and services via the Docker Eng...

  • Exposed: TeaOnHer Leaked User Driver’s Licenses in Minutes

    A dating gossip app for men, TeaOnHer, exposed sensitive user data like driver's license photos and IDs due to severe security flaws, including an unsecured API and publicly accessible backend. The app's weak security allowed unauthorized access to personal records without authentication, and adm...

  • Ivanti warns of critical code execution flaw in Endpoint Manager

    A critical vulnerability (CVE-2025-10573) in Ivanti's Endpoint Manager allows unauthenticated attackers to execute arbitrary code by tricking an administrator into viewing a compromised dashboard. Ivanti has released a patch, but the risk is heightened as hundreds of EPM instances are exposed onl...

  • Pentiment, Other Games Pulled From Steam Amid Unity Security Flaw

    A security flaw in Unity game engine versions from 2017.1 onward has led to the temporary removal of several popular games from Steam, affecting multiple platforms but with no current evidence of exploitation. The vulnerability, reported responsibly by a researcher, could allow unsafe file loadin...
