2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward program (VRP) …
Category:
Safety & Security
OPINION On March 10, 2026, Microsoft patched CVE-2026-26144, a cross-site scripting (XSS) vulnerability in Excel. XSS in Office isn’t anything new, but what makes this XSS different is what happens after …
Safety & Security
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
by David Walker
Endor Labs notes in their report that Thymeleaf has defense-in-depth layers to block dangerous expressions and in this case two of them failed. For example, a string check scanned the …
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness …
Safety & Security
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
by David Walker
Ravie LakshmananApr 17, 2026Vulnerability / Endpoint Security Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. …
As EHS software (What is) vendors increasingly describe their products as AI-powered or machine learning-enabled EHS platforms, safety professionals face a new evaluation challenge: understanding the difference between systems that …
Safety & Security
The Future of Work Looks a Lot Like the Past, Only Faster – SafetyAtWorkBlog
by David Walker
Australian lawyer Michael Tooma is always worth listening to, and he recently participated in a webinar titled “When AI Watches Work: Monitoring Workers and Psychosocial Risks!” hosted …
Responding is Jasper Rouget, vice president of sales, North America, Breadcrumb, San Francisco. Developing a safety program is challenging and time-consuming. Yet, for many construction teams, the program in the …
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. …
In 2003, 55 million people lost power across the US and Canada because of a software bug and a failure to communicate. Nobody attacked anything. And more than two decades …