Hacker News with Generative AI: Software Vulnerabilities

Microsoft isn't fixing 8-year-old shortcut exploit abused for spying (theregister.com)
An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.
Hugging Face datasets and models for cybersecurity/software vulnerabilities (huggingface.co)
CIRCL is the CERT (Computer Emergency Response Team/Computer Security Incident Response Team) for the private sector, communes and non-governmental entities in Luxembourg.
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, First-Ever Report (zetter-zeroday.com)
In a first-of-its-kind report, the US government has revealed that it disclosed 39 zero-day software vulnerabilities to vendors or the public in 2023 for the purpose of getting the vulnerabilities patched or mitigated, as opposed to retaining them to use in hacking operations.
Zizmor would have caught the Ultralytics workflow vulnerability (yossarian.net)
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
CVE-2024-29510 – Exploiting Ghostscript using format strings (codeanlabs.com)
"90% of Java services have critical or security vulnerabilities" (vived.substack.com)