vulnerability disclosure
7 posts
Bitsight found 6,000 unauthenticated fuel gauges online
6,000 Automatic Tank Gauges are exposed to the internet with no authentication. The protocol, the owners, and why the fix isn't technical.
Torvalds declares Linux security list unmanageable
Linus Torvalds says AI bug hunters have made the Linux security list unmanageable. An operator read on what failed at the intake boundary.
Linux security intake is overwhelmed
Linus Torvalds says AI-generated reports have made the Linux kernel security list almost entirely unmanageable. A board-level read on the exposure.
Kernel bug leaks the SSH host key file
A Linux kernel flaw disclosed this month can expose SSH host keys. What failed, what it exposes, and what operators must now make true.
Patched Microsoft is still exploitable
Exchange and Windows 11 were exploited on day two of Pwn2Own. Operator briefing on what is confirmed, what is not, and what must change.
The patch is the payload
Three critical Linux kernel LPE findings in two weeks, one introduced by a fix. The defect is the patch pathway, not the bug.
Third party broke kernel LPE embargo
A kernel LPE entered public circulation when a third party broke the disclosure embargo. The control under review was the agreement, not the patch.