This article describes a framework for testing how AI models, specifically Opus 4.5 and GPT-5.2, generate exploits from vulnerability reports. It focuses on the experiments conducted using a QuickJS vulnerability, outlining the agents' strategies to bypass various security mitigations and achieve their objectives.

A serious security vulnerability in the "@react-native-community/cli" npm package allowed attackers to execute arbitrary OS commands on development servers. The flaw, tracked as CVE-2025-11953, was patched in version 20.0.0 after being discovered by JFrog's security team. Developers using affected versions are at risk if they run the Metro development server.

Researchers have released proof-of-concept exploits for the CitrixBleed2 vulnerability (CVE-2025-5777) affecting Citrix NetScaler devices, which can allow attackers to steal user session tokens through malformed POST requests. Despite Citrix's claims that the flaw is not actively exploited, evidence from cybersecurity experts suggests that attacks have been occurring since mid-June. Organizations are urged to apply patches immediately to mitigate the risk.

CISA has issued a warning about a high-severity arbitrary code execution vulnerability in the Git version control system, tracked as CVE-2025-48384, which is being actively exploited by hackers. Federal agencies must apply patches by September 15th or take alternative security measures. Additionally, two Citrix Session Recording vulnerabilities have also been added to the Known Exploited Vulnerabilities catalog, with the same deadline for remediation.

Millions of Brother printers are affected by a critical vulnerability that allows attackers to generate default admin passwords. The flaw cannot be fully patched through firmware updates, prompting a need for manufacturers to change production processes. Other printer manufacturers are also impacted, highlighting widespread security risks.

Researchers have identified two Secure Boot exploits, with Microsoft addressing only one in its latest security update. The patched vulnerability, affecting over 50 device manufacturers, allows attackers with physical access to disable Secure Boot and potentially install malware before the operating system loads. The exploit's root cause lies in a critical vulnerability in firmware flashing tools used by DT Research, which were improperly authenticated for wider device compatibility.