Safeguard
Tag

zero-day

Safeguard articles tagged "zero-day" — guides, analysis, and best practices for software supply chain and application security.

80 articles

AI Security

Exploit Path Synthesis: Griffin AI vs Mythos

Finding a bug is not the same as proving it is exploitable. How Griffin AI synthesises concrete exploit paths and why pure-LLM scanners rarely get past the sketch stage.

Feb 3, 20266 min read
Vulnerability Management

Automated Zero-Day Discovery: How AI Is Changing Vulnerability Research

AI-powered fuzzing and code analysis are accelerating zero-day discovery. Here's what that means for defenders.

Feb 3, 20266 min read
AI Security

CWE Classification Accuracy: Griffin AI vs Mythos

Getting the CWE right is not a taxonomic hobby. It drives remediation, compliance mapping, and detection engineering. Here is how grounded and pure-LLM scanners compare.

Jan 26, 20266 min read
AI Security

The Disproof Step: Griffin AI vs Mythos

Most AI bug hunters skip the hardest step: trying to kill their own findings. Here is why Griffin AI's disproof pass is the single biggest lever on false-positive rate.

Jan 19, 20265 min read
Vulnerability Analysis

libwebp heap buffer overflow zero-day (CVE-2023-4863)

A heap buffer overflow in libwebp, actively exploited in a zero-click iOS spyware chain, exposed browsers, Electron apps, and containers alike.

Jan 16, 20268 min read
AI Security

Hypothesis Quality: Griffin AI vs Mythos

Two AI bug hunters can both generate hypotheses. Only one can defend them. A field study of grounded versus ungrounded hypothesis generation in zero-day discovery.

Jan 12, 20266 min read
AI Security

Zero-Day Discovery Pipelines: Griffin AI vs Mythos

A candid look at how Griffin AI's three-stage zero-day pipeline compares to pure-LLM Mythos-class bug hunters, and why false positive rates matter more than raw volume.

Jan 5, 20266 min read
Vulnerability Analysis

SAP NetWeaver CVE-2025-31324: Unrestricted File Upload Zero-Day

A critical file upload vulnerability in SAP NetWeaver Visual Composer was exploited to deploy web shells on enterprise SAP systems. The flaw required no authentication and scored 10.0 on CVSS.

Apr 24, 20255 min read
Vulnerability Analysis

Ivanti Connect Secure CVE-2025-22457: Another Critical Zero-Day, Same Product

A stack-based buffer overflow in Ivanti Connect Secure was exploited by Chinese threat actors just months after the previous zero-day in the same product. The vulnerability was initially misclassified as low-risk.

Apr 3, 20255 min read
Vulnerability Analysis

Chrome Zero-Day CVE-2025-2783: Sandbox Escape Used in Espionage Campaign

Kaspersky discovered a Chrome zero-day being exploited in a targeted espionage campaign dubbed Operation ForumTroll. The flaw broke Chrome's sandbox with no user interaction beyond clicking a link.

Mar 25, 20255 min read
Zero-Day Analysis

Apple WebKit Zero-Day CVE-2025-24201: Out-of-Bounds Write Exploited in the Wild

Apple patched CVE-2025-24201, a WebKit zero-day that allowed sandbox escape through malicious web content. Here's the technical breakdown.

Mar 12, 20256 min read
Zero-Day Analysis

Broadcom VMware Zero-Days March 2025: ESXi, Workstation, and Fusion Under Active Attack

Three VMware zero-days exploited in the wild in March 2025 let attackers escape virtual machine sandboxes. Broadcom patched, but the damage window was wide open.

Mar 4, 20256 min read
zero-day (Page 4) — Safeguard Blog