RC RANDOM CHAOS

vulnerability disclosure

11 posts

curl pauses security report intake for July
Article

curl pauses security report intake for July

curl is closing its vulnerability intake for July 2026 to survive AI-generated report spam, and the precedent it sets for open source disclosure.

GitHub pulls the account, the repos live on
Article

GitHub pulls the account, the repos live on

A board-level analysis of GitHub's ban on a researcher publishing Windows zero-days alongside violent threats, and what it reveals about disclosure risk.

Bitsight found 6,000 unauthenticated fuel gauges online
Article

Bitsight found 6,000 unauthenticated fuel gauges online

6,000 Automatic Tank Gauges are exposed to the internet with no authentication. The protocol, the owners, and why the fix isn't technical.

BitLocker isn't protecting what you think
Article

BitLocker isn't protecting what you think

A systems-level look at what a BitLocker backdoor claim actually means for enterprise security, and how to respond without panic or dismissal.

Torvalds declares Linux security list unmanageable
Article

Torvalds declares Linux security list unmanageable

Linus Torvalds says AI bug hunters have made the Linux security list unmanageable. An operator read on what failed at the intake boundary.

Linux security intake is overwhelmed
Article

Linux security intake is overwhelmed

Linus Torvalds says AI-generated reports have made the Linux kernel security list almost entirely unmanageable. A board-level read on the exposure.

Kernel bug leaks the SSH host key file
Article

Kernel bug leaks the SSH host key file

A Linux kernel flaw disclosed this month can expose SSH host keys. What failed, what it exposes, and what operators must now make true.

Patched Microsoft is still exploitable Microsoft
Article

Patched Microsoft is still exploitable Microsoft

Exchange and Windows 11 were exploited on day two of Pwn2Own. Operator briefing on what is confirmed, what is not, and what must change.

The patch is the payload
Article

The patch is the payload

Three critical Linux kernel LPE findings in two weeks, one introduced by a fix. The defect is the patch pathway, not the bug.

Third party broke kernel LPE embargo
Article

Third party broke kernel LPE embargo

A kernel LPE entered public circulation when a third party broke the disclosure embargo. The control under review was the agreement, not the patch.

Your security pipeline missed 271 bugs
Article

Your security pipeline missed 271 bugs

Mozilla's Anthropic Mythos scan surfaced 271 Firefox 150 vulnerabilities. The delta exposes the limit of single-pipeline vulnerability assurance.