Tagged articles

vulnerability research

9 articles · Page 1 of 1
Black & White Path
Jul 5, 2026 · Information Security

How an Open‑Source Orchestration Framework Lets Any LLM Find Zero‑Day Bugs

The article demonstrates that vulnerability discovery depends on a flexible orchestration harness rather than on exclusive frontier LLMs, using the open‑source IronCurtain framework with commercial and open‑weight models to reproduce a 27‑year‑old OpenBSD bug and uncover new zero‑day flaws in widely used projects, while analysing costs, workflow design, and security implications.

AI orchestration · IronCurtain · LLM security
Black & White Path
Jul 3, 2026 · Information Security

The One API Line That Separates You From Top Hackers

The article argues that the bottleneck in security research is information scarcity, not talent, and introduces Preview—a RAG platform that indexes recent write‑ups and provides a simple API allowing AI agents to retrieve up‑to‑date vulnerability details, overcoming frozen LLM knowledge and delivering raw source links for accurate exploitation.

AI security · API · RAG
Black & White Path
Jun 6, 2026 · Information Security

Over 200K Sensitive Docs Exposed by Online JSON Formatters Over Seven Years

Security researchers uncovered more than 200,000 documents—including cloud access keys, SSH keys, tax forms and bank statements—leaked from JSONFormatter.org and CodeBeautify.org over seven years, accessible via predictable unauthenticated URLs, and demonstrated that attackers can exploit such data within 48 hours.

JSON formatter · SSH keys · cloud keys
Black & White Path
Apr 9, 2026 · Information Security

When AI Steals Jobs: Lessons from Claude Mythos Ban for Security Professionals

Anthropic’s decision to withhold the powerful Claude Mythos model sparked a joint industry effort called Project Glasswing, revealing how AI can dramatically accelerate vulnerability discovery and prompting security professionals to rethink their roles, adopt AI tools, and evolve their skill sets.

AI security · Claude Mythos · Project Glasswing
Smart Era Software Development
Nov 2, 2024 · Information Security

How an LLM Discovered a Real‑World SQLite Stack Buffer Overflow

Google’s Big Sleep AI agent, built on the Project Naptime framework, used a large language model to analyze recent SQLite commits, identify a previously unknown stack‑buffer‑underflow bug, and generate a reproducible test case, demonstrating that LLMs can effectively perform real‑world vulnerability research.

AI security · Big Sleep · Fuzzing
AntTech
Nov 6, 2023 · Information Security

Ant Group's Tianqiu Light-Year Security Research Team Wins Tianfu Cup International Cybersecurity Competition with Groundbreaking Exploits

The Tianqiu Light-Year Security Research Team from Ant Group secured the championship and Best Product Cracking Award at the 2023 Tianfu Cup International Cybersecurity Competition by achieving five high‑impact exploits, including a first‑ever VMware ESXi VM escape, Chrome remote code execution, and Adobe Reader defense bypass.

Adobe Reader · Chrome RCE · Tianfu Cup
Programmer DD
Dec 19, 2021 · Information Security

How CodeQL and LGTM Uncovered a Log4j2 0‑Day: Inside the CWE‑074 Rule

Using LGTM’s online CodeQL scanner, the author demonstrates how a 2020 CWE‑074 rule can automatically detect a Log4j2 0‑day vulnerability, explains the rule’s data‑flow logic, and provides step‑by‑step instructions for scanning open‑source projects and responsibly handling discovered exploits.

CWE-074 · CodeQL · LGTM