In a first-ever report from the intelligence community, the US government has revealed that it disclosed 39 zero-day vulnerabilities to vendors/public to be patched rather than keep them for NSA/CIA/FBI to exploit in hacking operations. The report, however, doesn't say how many zero days the gov discovered in 2023 that it kept to exploit. And ten of the 39 it did disclose that year, it had already kept secret for an unknown number of years to exploit before deciding to disclose them in 2023. Here's my story:
Last month as drones over NY/NJ made headlines, a radiation-monitoring site reported spikes in radiation in NY, seemingly supporting a theory that the drones were tracking a dirty bomb on the loose there. Only the spikes were fake. I wrote about how the fake info got reported and how it spread on social media.
Dutch researchers @midnightbluelab found a critical zero-click vuln in a photo app enabled by default on Synology storage devices, putting millions of systems at risk of being hacked. They found Synology systems owned by police/law firms/critical infrastructure contractors online and all vulnerable to attack. Synology has called the vuln "critical" and issued a patch last week but apparently didn't notify customers. Synology devices don't have automated update capabilities. Here's my story: