📢⚠️ Researchers revealed 20-year-old #PostgreSQL flaws at Wiz’s ZeroDay.Cloud hacking event, exposing critical pgcrypto vulnerabilities that could lead to code execution.

Read: https://hackread.com/wiz-zeroday-cloud-event-postgresql-vulnerabilities/

#CyberSecurity #Vulnerability #Wiz #ZeroDayCloud

Wiz ZeroDay.Cloud Event Reveals 20-Year-Old PostgreSQL Vulnerabilities

Researchers revealed 20-year-old PostgreSQL flaws at the Wiz ZeroDay.Cloud event, exposing critical bugs in pgcrypto and prompting urgent patches for database security.

Hackread - Cybersecurity News, Data Breaches, AI and More

Anthropic is (rightfully) generating a lot of attention for Mythos’s ability to find 0days, BUT the hard problem is not whether an LLM can recognize a bug when pointed at it; it is whether a system can find the right code to examine across a 9-million-line codebase, distinguish the one real vulnerability from the hundreds of theoretical weaknesses the model will flag along the way, and deliver output a developer can act on without wasting a week on false positives.

This is something Xint has been doing since our wins at AIxCC and #ZeroDayCloud last year. We wanted to see if using publicly available models with the right scaffolding would reach the same performance as the latest limited-release frontier model under **real-world conditions**.

In this research paper, not only did we find all the same bugs highlighted in Anthropic's report, but we also found an additional 12 mid- to high-severity vulnerabilities not included in their public disclosures.

Check out the full report here:

https://go.xint.io/xint-mythos-appsec-findings-report

Xint Mythos AppSec Findings Report

This white paper presents findings from Xint Code against the same codebases Anthropic tested. Using its standard scanning pipeline, Xint Code reproduced the key vulnerability classes Anthropic showcased, identified every flagship vulnerability highlighted in the Mythos public disclosure, and discovered twelve additional zero-day vulnerabilities in the same codebases that were not part of Anthropic's announcement. No functions were pre-selected. No human guided the scan.

Zeroday Cloud: Hacker competition offers US$4.5 million in prize money

A new competition with a cloud focus offers high prize money for zero-day exploits, following a general trend in the race against cybercriminals.

heise online