Hacker News with Generative AI: Software Vulnerabilities

Microsoft isn't fixing 8-year-old shortcut exploit abused for spying (theregister.com)
An exploitation avenue found by Trend Micro has been used in an eight-year-long spying campaign, but there's no sign of a fix from Microsoft, which apparently considers this a low priority.
Cybersecurity, Software Vulnerabilities, Microsoft, Espionage
33 points by rntn 17 days ago | 13 comments
Hugging Face datasets and models for cybersecurity/sofwtare vulnerabilities (huggingface.co)
CIRCL is the CERT (Computer Emergency Response Team/Computer Security Incident Response Team) for the private sector, communes and non-governmental entities in Luxembourg.
Cybersecurity, Software Vulnerabilities, Machine Learning, Datasets
7 points by cedricbonhomme 26 days ago | 1 comments
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, First-Ever Report (zetter-zeroday.com)
In a first-of-its-kind report, the US government has revealed that it disclosed 39 zero-day software vulnerabilities to vendors or the public in 2023 for the purpose of getting the vulnerabilities patched or mitigated, as opposed to retaining them to use in hacking operations.
Cybersecurity, Government, Software Vulnerabilities, Zero-Day Vulnerabilities
221 points by jc_811 58 days ago | 148 comments
Zizmor would have caught the Ultralytics workflow vulnerability (yossarian.net)
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
Security, Workflow, Software Vulnerabilities
81 points by campuscodi 118 days ago | 23 comments
CVE-2024-29510 – Exploiting Ghostscript using format strings (codeanlabs.com)
Security, Software Vulnerabilities, Programming, Exploits
41 points by ThomasRinsma 277 days ago | 9 comments
"90% of Java services have critical or security vulnerabilities" (vived.substack.com)
Java, Security, Software Vulnerabilities
12 points by mihau 344 days ago | 3 comments