<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Vulnerability on IT News</title>
    <link>https://it-news.uk/tags/vulnerability/</link>
    <description>Recent content in Vulnerability on IT News</description>
    <generator>Hugo</generator>
    <language>en-us</language>
    <lastBuildDate>Mon, 06 Jul 2026 00:00:00 +0800</lastBuildDate>
    <atom:link href="https://it-news.uk/tags/vulnerability/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Hackers Now Exploit Public Vulnerabilities in Under 2 Hours, Zero Day Clock Shows</title>
      <link>https://it-news.uk/posts/hackers-exploit-vulnerabilities-in-two-hours-zero-day-clock/</link>
      <pubDate>Mon, 06 Jul 2026 00:00:00 +0800</pubDate>
      <guid>https://it-news.uk/posts/hackers-exploit-vulnerabilities-in-two-hours-zero-day-clock/</guid>
      <description>&lt;p&gt;The window between a vulnerability going public and attackers actively exploiting it has shrunk from weeks to hours. A new visualization project called Zero Day Clock is putting hard numbers on just how fast the threat landscape is accelerating.&lt;/p&gt;</description>
    </item>
    <item>
      <title>&#39;Bad Epoll&#39; Linux Vulnerability Gives Attackers Root Access — Android Phones Are Affected Too</title>
      <link>https://it-news.uk/posts/bad-epoll-linux-vulnerability-root-access-android/</link>
      <pubDate>Sun, 05 Jul 2026 00:00:00 +0800</pubDate>
      <guid>https://it-news.uk/posts/bad-epoll-linux-vulnerability-root-access-android/</guid>
      <description>&lt;p&gt;Jaeyoung Chung, a security researcher at Seoul National University, found something worrying in the Linux kernel earlier this year. The vulnerability, now tracked as CVE-2026-46242 and nicknamed &amp;ldquo;Bad Epoll,&amp;rdquo; lives in the epoll subsystem, a core piece of the Linux kernel that handles how applications respond to I/O events. It earned a CVSS score of 7.8, putting it in the high-severity bucket, and its reach extends well beyond desktop Linux.&lt;/p&gt;</description>
    </item>
    <item>
      <title>New &#39;DirtyClone&#39; Linux Vulnerability Lets Attackers Gain Root Access — CVSS 8.8</title>
      <link>https://it-news.uk/posts/dirtyclone-linux-vulnerability-root-access-cve-2026/</link>
      <pubDate>Sat, 27 Jun 2026 00:00:00 +0800</pubDate>
      <guid>https://it-news.uk/posts/dirtyclone-linux-vulnerability-root-access-cve-2026/</guid>
      <description>&lt;p&gt;Another week, another Linux kernel bug with roots in how the system handles memory. This time it&amp;rsquo;s DirtyClone, tracked as CVE-2026-43503 and carrying a CVSS score of 8.8 — high severity, local privilege escalation, and potentially worse.&lt;/p&gt;</description>
    </item>
    <item>
      <title>360 Unveils &#39;Heavenly Sword and Dragon Saber&#39; AI Security Duo to Rival Anthropic&#39;s Mythos</title>
      <link>https://it-news.uk/posts/360-zhou-hongyi-ai-security-yitian-tulong/</link>
      <pubDate>Wed, 24 Jun 2026 21:00:00 +0800</pubDate>
      <guid>https://it-news.uk/posts/360-zhou-hongyi-ai-security-yitian-tulong/</guid>
      <description>&lt;p&gt;At the ISC.AI 2026 conference in Beijing, 360 founder Zhou Hongyi unveiled the company&amp;rsquo;s two-pronged AI security strategy — an automated vulnerability discovery agent codenamed &amp;ldquo;Tulong Feng&amp;rdquo; and an autonomous defense system called &amp;ldquo;Yitian Array&amp;rdquo; — positioning them as China&amp;rsquo;s direct response to Anthropic&amp;rsquo;s restricted Mythos model.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Critical FFmpeg Vulnerability Lets Attackers Hijack Systems via Malicious Video Files</title>
      <link>https://it-news.uk/posts/ffmpeg-critical-vulnerability-cve-2026-8461/</link>
      <pubDate>Tue, 23 Jun 2026 20:48:00 +0800</pubDate>
      <guid>https://it-news.uk/posts/ffmpeg-critical-vulnerability-cve-2026-8461/</guid>
      <description>&lt;p&gt;A critical security vulnerability has been discovered in FFmpeg, the world&amp;rsquo;s most widely deployed open-source multimedia framework, that allows attackers to hijack systems simply by getting them to process a maliciously crafted video file. The vulnerability, tracked as CVE-2026-8461 with a CVSS severity score of 8.8 out of 10, has already been patched in an emergency release.&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
