You demonstrate a fileless RCE chain. Complex delivery, in-memory execution, zero detections, confirmed working on multiple devices.

The vendor reviews it twice, involves engineering, then tells you:

"Your research demonstrates a complex chain for delivering and executing code."

...and closes it as 'intended behavior. Not a platform vulnerability.'

Question: is it a vulnerability?

Follow-up: does your answer change if the attack surface exists *between* components — where no single owner's scope definition covers the full chain?

Asking because I have a paper dropping soon about that.

#VRP #responsibleDisclosure #semanticGap #infosec #securityResearch

⚽ New Blog Post: I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.

Registered on FIFA's public Agent Platform, got added to their Entra tenant, and accessed the Streaming Management panel for every live World Cup 2026 match. RTMP ingest URLs, stream keys, all five camera angles. Confirmed live in VLC. An attacker could have replaced live camera feeds on TV worldwide.

Full writeup: https://bobdahacker.com/blog/fifa-hack

#InfoSec #BugBounty #ResponsibleDisclosure #FIFA #WorldCup #Security #CyberSecurity #RTMP #BrokenAccessControl


How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.

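The failure the post describes is an authorization gap, not an authentication one: being let into the tenant (via self-service registration) was treated as permission to read stream ingest credentials. The following is an added example, not FIFA's, MediaKind's, HBS's or the post author's code; every name in it (the roles, the sample users, the `.invalid` hosts and keys) is hypothetical. It puts the weak membership-only check beside a role-based one that also separates reading stream metadata from reading the stream key, and includes a regression check that a freshly self-registered, role-less member gets no keys.

```python
"""Broken access control on a streaming-management panel: weak check vs. RBAC.

Added illustration; not code from any real platform. All names are hypothetical.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    upn: str
    tenant_member: bool                  # has an account in the tenant (e.g. self-registered)
    roles: frozenset = frozenset()       # explicit grants, e.g. {"streaming.operator"}


@dataclass(frozen=True)
class Stream:
    match: str
    ingest_url: str
    stream_key: str                      # secret: whoever holds it can publish on this feed


class PermissionDenied(Exception):
    pass


# Constructed sample data (fake hosts and keys).
STREAMS = (
    Stream("Match 01 cam 1", "rtmp://ingest.example.invalid/live", "key-0001-cam1"),
    Stream("Match 01 cam 2", "rtmp://ingest.example.invalid/live", "key-0001-cam2"),
)

VIEWER_ROLE = "streaming.viewer"       # may see which feeds exist and where they ingest
OPERATOR_ROLE = "streaming.operator"   # may additionally see the publishing key
REDACTED = "<redacted>"


def list_streams_weak(user: User, streams=STREAMS):
    """The bug: tenant membership is treated as authorization.
    Any account that got into the tenant sees every ingest URL and stream key."""
    if not user.tenant_member:
        raise PermissionDenied("not signed in to tenant")
    return [(s.match, s.ingest_url, s.stream_key) for s in streams]


def list_streams_rbac(user: User, streams=STREAMS):
    """Hardened: membership alone yields nothing. A viewer role reveals the feed
    list with keys redacted; only the operator role reveals the key itself."""
    if not user.tenant_member:
        raise PermissionDenied("not signed in to tenant")
    if not user.roles & {VIEWER_ROLE, OPERATOR_ROLE}:
        raise PermissionDenied(f"{user.upn} holds no streaming role")
    can_see_keys = OPERATOR_ROLE in user.roles
    return [
        (s.match, s.ingest_url, s.stream_key if can_see_keys else REDACTED)
        for s in streams
    ]


def self_registered_can_read_keys(checker, user=None) -> bool:
    """Regression check: does a freshly registered, role-less member get any real key?"""
    user = user or User("newagent@example.invalid", tenant_member=True)
    try:
        rows = checker(user)
    except PermissionDenied:
        return False
    return any(key != REDACTED for _, _, key in rows)


if __name__ == "__main__":
    print("weak check leaks keys to new member:", self_registered_can_read_keys(list_streams_weak))
    print("rbac check leaks keys to new member:", self_registered_can_read_keys(list_streams_rbac))
```

The regression function is the part worth keeping in a real test suite: create an account through whatever self-service path exists, grant it nothing, and assert that every endpoint returning publishing credentials refuses it. Redacting the key for viewer-level roles is a least-privilege choice, since monitoring which feeds exist rarely requires the ability to publish on them.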
https://deadeclipse666.blogspot.com/2026/03/
Yeah, well, presumably Microsoft corporation or someone who works at it is the one who did that to you, not all users of affected Microsoft products. So shut the fuck up.
I fucking hate people who punish or blame innocents in their blind rage.

#ethics #cybersecurity #responsibledisclosure #NightmareEclipse #Microsoft #Windows

Nightmare Eclipse

At @gulasch in Karlsruhe, together with @informatik and @Anoxinon, we held a workshop on #Computerstrafrecht (German computer crime law) and the so-called #Hackerparagraph. Every chair in the room was taken, and the waiting list was long.

That pleases us, but above all it shows how great the need for discussion is on the topic of #ResponsibleDisclosure.

➡️https://load-ev.de/2026/06/11/gpn24-rueckblick/

Photo: @ieke and @carlamelee at #GPN24

@gborn Well, just stop doing "Responsible Disclosure" and sell the exploit directly to the highest bidder.

  • Zerodium, for example, pays in Monero without asking questions…

#Microsoft #ResponsibleDisclosure #Zerodium #Monero #Exploits

Microsoft Revives Vulnerability Disclosure Debate with Researcher Crackdown

Microsoft is stirring up controversy in the vulnerability disclosure debate, clashing with a security researcher over the responsible handling of zero-day vulnerabilities. The tech giant's strong response, including threats of legal action, has sparked heated discussion on coordinated disclosure.

https://osintsights.com/microsoft-revives-vulnerability-disclosure-debate-with-researcher-crackdown?utm_source=mastodon&utm_medium=social

#VulnerabilityDisclosure #CoordinatedDisclosure #ZeroDay #Microsoft #ResponsibleDisclosure


California Back & Pain Specialists exposed 133GB of patient PHI on a public server (3,400+ driver’s licenses + full medical records).

After responsible disclosure, AWS took it offline. Company remains silent.

#DataBreach #CyberSecurity #HIPAA #ResponsibleDisclosure #Healthcare

Full report

https://write-ups.security-chu.com/2026/06/California-Back-Pain-Specialists-with-data-breach.html

@PogoWasRight

US: California Back & Pain Specialists Exposes 133GB of Patient Medical Records on Public Server

Summary: This report discloses a severe security misconfiguration in a publicly exposed server belonging to California Back & Pain Specialists...


AI-Powered Vulnerability Disclosure Forces Urgent Remediation Push

The era of reactive vulnerability disclosure is over - it's time for a coordinated, global effort to stay ahead of AI-powered threats, involving governments, software vendors, and emergency responders. With AI now capable of identifying exploitable vulnerabilities at unprecedented…

https://osintsights.com/ai-powered-vulnerability-disclosure-forces-urgent-remediation-push?utm_source=mastodon&utm_medium=social

#AipoweredVulnerabilityDisclosure #ResponsibleDisclosure #ArtificialIntelligence #VulnerabilityManagement #EmergingThreats


Learn how AI-powered vulnerability disclosure drives urgent remediation and coordinated resilience efforts globally, read Melissa Hathaway's perspective now.


Some more context regarding the topic of responsible disclosure I shared last week: https://www.pcmag.com/news/microsoft-threatens-researcher-over-bug-reports-triggers-cybersecurity

Microsoft's vulnerability disclosure program seems to be a bit... unfair in terms of how it treats researchers that share their reports with the company. At least according to some who have publicly spoken about it.

#cybersecurity #security #infosec #vulnerability #responsibledisclosure #microsoft

#Microsoft walks back its threat to pursue those who don't disclose responsibly as criminals. They don't apologize, but merely "clarify" their position in a post on X.com today. Since their statement doesn't seem to be on their blog, I am linking to x.com:

https://x.com/msftsecresponse/status/2061293718942908925

This is the type of threat to researchers that @zackwhittaker and I had been looking at in our survey on threats to journalists and researchers. It was impressive to see all of the experts like @GossiTheDog speaking up to slam Microsoft for their blog post of May 27.

Confronted with overwhelming criticism by the security community, Microsoft stepped back.

#responsibledisclosure #Microsoft

Microsoft Security Response Center (@msftsecresponse) on X

Over the past several days, we have been listening to the conversation around coordinated disclosure and the relationship between security researchers and vendors. We recognize that this relationship is both critical and, at times, fragile. We deeply value the security community,
