Command Injection Bug in OpenAI Codex Exposed GitHub OAuth Tokens
The bug is a command injection issue and lies in the way that Codex processed GitHub branch names during the execution of tasks.
The process of developing and deploying exploits is a complex and controversial one, and it’s often a black box to outside observers. To help shine a light on how this all works, Caitlin Condon of VulnCheck joins Dennis Fisher for a deep dive into the zero day exploit landscape, what goes into exploit development, and […]
Out of 42 unique zero days tracked by Google in 2025, 18 were attributed to CSVs, while 15 were linked to state-sponsored espionage groups.
Without context, the KEV catalog is just a very large collection of data. Tod Beardsley is the former CISA KEV section chief, and he recently released a paper called KEVology that provides key context and evaluates the value of certain enrichment signals.
Tod Beardsley, VP of security research at runZero and former KEV section chief at CISA, joins Dennis Fisher to talk about the evolution of the Known Exploited Vulnerabilities catalog, how much value defenders should place on a specific bug being in the KEV, and his new KEVology report that breaks down all of the data […]
Cisco released software updates on Feb. 25 to fix the vulnerability, which affects both on-premises and cloud deployments of the Catalyst SD-WAN Controller.