Upwind’s Head of Security Research Moshiko Hassan, MDR Lead Omer Idel, and Head of Marketing Denise Ashur discuss the GitHub Actions supply chain compromise, including how widespread it is and what users should do to mitigate.
Upwind’s Head of Security Research Moshiko Hassan, MDR Lead Omer Idel, and Head of Marketing Denise Ashur discuss the GitHub Actions supply chain compromise, including how widespread it is and what users should do to mitigate.
A critical vulnerability in sudo (Changelog v1.9.14–1.9.17) allows local users to gain root access via the –chroot (-R) option. This flaw carries a CVSS 3.1 score of 9.3 (Critical). Affected Versions Platform Coverage Why This Matters This flaw originates from a change introduced in sudo 1.9.14. Path resolution began occurring within the chroot environment before the […]
A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the intended extraction directory. This issue affects systems running Python 3.12 and above when using tarfile.extract() or tarfile.extractall() with the filter parameter set to “data” or “tar”. Though the vulnerability does not allow direct code execution, […]
For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI’s o3. Discovered by security researcher Sean Heelan and assigned CVE-2025-37899, this vulnerability marks a milestone not just in cybersecurity but in the integration of AI into vulnerability research. It also raises serious questions about the […]