The voluntary framework would provide legal clarity to third-party AI researchers, including those who study safety and other “unexpected” AI behaviors.

Researchers said the information disclosure zero-day exposes sensitive information that attackers can use to undermine defenses and make other exploits more reliable.

Roughly 100,000 servers running the automated workflow platform for AI and other enterprise tools are potentially exposed to exploitation.

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.

The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.

The Ivy League school said it was one of almost 100 organizations hit by the simultaneous attacks in August.

The company’s latest security update contains the second-highest number of defects patched so far this year.

The security vendor silently patched a vulnerability, but did not assign the flaw a CVE or publicly disclose its existence until 17 days later. By then, widespread…

The vendors disclosed and patched the defects last summer, but not before advanced attackers exploited the vulnerabilities to likely gain prolonged access for espionage, according to Amazon.