Hacker News with Generative AI: Zero-Day Vulnerability

How I used o3 to find a remote 0-day vulnerability in the Linux kernel (ksmbd) (heelan.io)
In this post I’ll show you how I found a zeroday vulnerability in the Linux kernel using OpenAI’s o3 model. I found the vulnerability with nothing more complicated than the o3 API – no scaffolding, no agentic frameworks, no tool use.

Security, Linux Kernel, AI, OpenAI, Zero-Day Vulnerability

15 points by seanheelan 1 day ago | 3 comments

SAMLStorm: Critical Authentication Bypass in XML-crypto and Node.js libraries (workos.com)
On Tuesday, March 4, 2025, WorkOS received a critical security report from researcher Alexander Tan (ahacker1) detailing a zero-day vulnerability in the widely used xml-crypto and SAML libraries in the Node.js ecosystem. This flaw allows attackers to forge SAML authentication responses, potentially granting unauthorized access to any user account in affected applications—including admin accounts—without any user interaction. If exploited, this vulnerability could enable full account takeovers across organizations relying on SAML-based single sign-on (SSO).

Security, Node.js, Authentication, SAML, Zero-Day Vulnerability

10 points by grinich 70 days ago | 0 comments

Windows Themes zero-day bug exposes users to NTLM credential theft (theregister.com)
There's a Windows Themes spoofing zero-day bug on the loose that allows attackers to steal people's NTLM credentials.

Security, Windows, Zero-Day Vulnerability, Credentials, NTLM

3 points by LinuxBender 204 days ago | 0 comments