NASA acknowledges independent researcher Hasan İsmail Gülkaya for discovering vulnerabilities through its Vulnerability Disclosure Program, highlighting the importance of ethical hacking in ...

Managing vulnerability reports is difficult for an organisation.  In an ideal world, something like this happens: Everyone is ...

HackerOne has released a new framework designed to provide the necessary legal cover for researchers to interrogate AI ...

Cybersecurity company FuzzingLabs has accused the Y Combinator-backed startup, Gecko Security, of replicating its vulnerability disclosures and backdating blog posts. According to the company, Gecko ...

Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The ...

While the critical-severity flaw in a popular open-source library has seen exploitation, the ‘vast majority’ of organizations will not be vulnerable, according to well-known researcher Kevin Beaumont.

Overview On January 14, NSFOCUS CERT detected that Microsoft released the January Security Update patch, which fixed 112 security issues involving widely used products such as Windows, Microsoft ...

Bug bounty programs have emerged as a cornerstone of modern cybersecurity strategy, fundamentally transforming how organizations approach vulnerability management and security testing. These programs ...

The vulnerability, dubbed Brash, can crash browsers within seconds by flooding the document.title API, and Google’s silence raises questions about its disclosure process. A vulnerability in Chromium’s ...

CISOs whose staff use the commercial Shellter Elite antivirus evasion software to detect vulnerabilities need to immediately update to the latest version after the recent discovery that threat actors ...

CVE-2026-21877, a critical authenticated RCE flaw with CVSS 10.0, fixed in version 1.121.3 after affecting earlier releases.