Vulnerability-disclosure is a topic tracked in our intelligence system with 5 linked articles.
Microsoft threatens criminal action against Nightmare Eclipse over a zero-day disclosure and has disabled the researcher’s accounts, highlighting tensions around coordinated vulnerability disclosure.
Security research finds Microsoft Copilot Cowork vulnerable to indirect prompt injection, enabling exfiltration of files via pre-authenticated download links without user approval.
Security researcher discloses React2Shell RCE in React/Flight (CVE-2025-55182); Meta patched within ~17 hours; millions of sites potentially affected.
AI acceleration is upending vulnerability-disclosure norms by speeding detection and patching, pushing for shorter embargoes; the Copy Fail incident illustrates the clash between coordinated disclosure and rapid fixes, with AI tools potentially amplifying both defenders and attackers.
Mozilla says Mythos identified 271 Firefox vulnerabilities in two months with almost no false positives, aided by a custom harness and model improvements.
Kernel vulnerability reports have exploded (from 2–3 per week years ago to 5–10 per day now), driving more maintainers and prompting a likely shift away from embargoed disclosures toward continuous security maintenance.