https://aisle.com/blog/aisle-discovers-6-new-cves-in-curl-including-the-oldest-issue-ever-reported #BREAKINGNEWS #softwaresecurity #cybersecurity #HackerNews #ngated
Aisle Discovers 6 New CVEs in Curl, Including the Oldest Issue Ever Reported
https://aisle.com/blog/aisle-discovers-6-new-cves-in-curl-including-the-oldest-issue-ever-reported
#HackerNews #Aisle #Curl #CVEs #cybersecurity #vulnerability #discovery
#OpenSource #security sustainability isn't about working harder. It's about structure that holds when the volume spikes.
Yesterday we kicked off a new @openjsf CNA initiative: an #API that lets each project own its own #CVEs.

You scanned dependencies last month. 👍 But 47 new #CVEs dropped since then. 😵💫
The gap between periodic scans is where risk lives. When a critical vulnerability hits, can you instantly tell which apps are affected?
This on-demand webinar covers continuous #SBOM monitoring, #EPSS scoring for active exploits, and #VEX for cutting false positives, without adding ops work.
https://www.amazee.io/resources/webinar/uncover-hidden-vulnerabilities-with-dependency-track
Memory safety CVEs differ between Rust and C/C++
https://kobzol.github.io/rust/2026/06/15/how-memory-safety-cves-differ-between-rust-and-c-cpp.html
CVE is a database used for categorizing and reporting security vulnerabilities in software. There are various kinds of vulnerabilities that can be reported. Some of them are caused simply by bugs in the program logic (like a recent CVE reported in Cargo), but some of the most nasty ones are caused by memory unsafety, which can easily lead to exploits. In this post I want to focus on the latter kind of CVEs, how they are reported, especially in libraries, and how it differs between Rust and C or C++.
🎙️ The #FIRSTImpressionsPodcast is back for the 2026 conference season!
Tune in to the newest episode at: https://media.first.org/podcasts/FIRST_Impressions-MorLior.mp3
In this episode, podcasters interview Mor Weinberger and Lior Kaplan to preview their #FIRSTCON26 session: “From Discovery to Fix: What 10,000 Open Source Projects Reveal About CVE Remediation”
The conversation dives into:
🔹 Why 90% of #CVEs already have fixes available
🔹 Why #remediation still takes months
🔹 How AI is accelerating vulnerability discovery
🔹 The hidden complexity of open source supply chains
🔹 Practical ways organizations can reduce risk today
New episodes drop every Friday leading up to FIRSTCON, featuring previews of conference talks and conversations with presenters across the global incident response community.
📍FIRST Conference 2026
June 14–19 | Denver, Colorado
Secure your seat today: https://www.first.org/conference/2026/registration
#FIRSTCON26 #CyberSecurity #OpenSource #VulnerabilityManagement #CVE #DevSecOps #SupplyChainSecurity
Pre-announce Bind vulns (20th May) #threatintel #cves
https://lists.isc.org/pipermail/bind-announce/2026-May/001294.html
Resulting from funding gaps and idiotic shifts in priorities, the U.S.A. is now woefully underinvesting in our core CyberDefense Ecosystem....
National Institute of Standards and Technology (NIST) is no longer enhancing all Common Vulnerabilities and Exposures (CVEs) with analysis and severity indicators, and instead NIST will prioritize enriching a much narrower set of security vulnerabilities.
Related: In April 2025, a funding gap in DHS appropriations threatened to cease CVE operations entirely, which would have created systemic risk for global vulnerability management. An emergency funding extension was implemented to avoid a full-on crisis. https://www.justsecurity.org/136914/nist-cant-keep-up/ #NIST #MITRE #CVEs #NVD #Security #Risk #CyberSecurity #CyberDefence #CyberInfrastructure #AI #AISecurity #CISA #DHS #Vulnerability #ThreatIntelligence