vulnerability assessment

Vigolium: Open-source vulnerability scanner

2026-05-27 at 09:24 By Anamarija Pogorelec

Vigolium, an open-source vulnerability scanner that combines deterministic scanning with AI-driven auditing, launched its initial open-source release this month. The project ships 235+ scanner modules and an in-process agent runtime called olium that handles autonomous endpoint discovery, attack planning, and finding triage. The tool exposes […]

Cisco refines its risk-based vulnerability disclosure for the AI era

2026-05-25 at 21:27 By Sinisa Markovic

Security teams already struggle with long lists of vulnerabilities and limited time to patch them. Cisco believes AI could increase that pressure by accelerating vulnerability discovery and increasing the number of findings security teams need to review. The company

CVE Lite CLI: Open-source dependency vulnerability scanner

2026-05-20 at 09:34 By Mirko Zorz

Dependency vulnerability scanning in JavaScript and TypeScript projects has long sat at the end of the development pipeline. Pull requests get opened, continuous integration runs, and a security scanner returns a list of CVE identifiers that developers then have to triage hours

AI is drowning software maintainers in junk security reports

2026-05-18 at 21:32 By Zeljka Zorz

AI-assisted vulnerability research has exploded, unleashing a firehose of low-quality reports on overworked software maintainers who are wasting hours sifting through noise instead of fixing real problems. Linus Torvalds, the Linux kernel’s creator, says the flood has made the project’s

NIST admits defeat on NVD backlog, will enrich only highest-risk CVEs going forward

2026-04-16 at 19:48 By Zeljka Zorz

NIST is overhauling how it manages the National Vulnerability Database (NVD) and switching to a risk-based model that prioritizes “enrichment” of only the most critical CVE-numbered security vulnerabilities. “This change is driven by a surge in

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser

2026-04-08 at 08:12 By Anamarija Pogorelec

Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a

CISA looks to partners to shore up the future of the CVE Program

2025-09-12 at 15:32 By Zeljka Zorz

The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we want to outpace and outmaneuver our adversaries, we must first ensure that defenders

Review: From Day Zero to Zero Day

2025-08-11 at 08:02 By Mirko Zorz

From Day Zero to Zero Day is a practical guide for cybersecurity pros who want to move beyond reading about vulnerabilities and start finding them. It gives a methodical look at how real vulnerability research is done. About the author Eugene Lim

New AI model offers faster, greener way for vulnerability detection

2025-07-31 at 08:33 By Mirko Zorz

A team of researchers has developed a new AI model, called White-Basilisk, that detects software vulnerabilities more efficiently than much larger systems. The model’s release comes at a time when developers and security teams face mounting pressure to secure

Artemis: Open-source modular vulnerability scanner

2025-07-30 at 09:00 By Mirko Zorz

Artemis is an open-source modular vulnerability scanner that checks different aspects of a website’s security and translates the results into easy-to-understand messages that can be shared with the organizations being scanned. “The most important feature of the tool is report generation. Besides scanning, it

OWASP Nettacker: Open-source scanner for recon and vulnerability assessment

2025-06-11 at 09:01 By Mirko Zorz

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment. Built and maintained by the OWASP community, Nettacker helps security pros automate common tasks like port scanning, service detection, and brute-force attacks. It

NIST proposes new metric to gauge exploited vulnerabilities

2025-05-26 at 08:06 By Help Net Security

NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a

Critical vulnerabilities persist in high-risk sectors

2024-11-15 at 06:38 By Help Net Security

Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest vulnerabilities The report, which analyzes data from over 200,000 dynamic application security testing (DAST) scans conducted by Black Duck

NIST is chipping away at NVD backlog

2024-11-14 at 16:33 By Zeljka Zorz

The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the NVD The

Nuclei: Open-source vulnerability scanner

2024-08-26 at 06:31 By Help Net Security

Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be adapted to perform various security checks. It can send requests to multiple targets using customizable templates, ensuring zero false positives and enabling rapid

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware

2024-08-07 at 09:16 By Help Net Security

Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components

NIST says NVD will be back on track by September 2024

2024-05-30 at 14:01 By Zeljka Zorz

The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD), the agency has announced

CISA starts CVE “vulnrichment” program

2024-05-09 at 13:16 By Zeljka Zorz

The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities

5 free vulnerability scanners you should check out

26/09/2023 at 08:02 By Help Net Security

Vulnerability scanners delve into systems to uncover security gaps. The primary mission? To fortify organizations against breaches and shield sensitive data from exposure. Beyond merely pinpointing weaknesses, vulnerability scanning is a proactive measure to anticipate potential attacker entry points. The

Enterprises persist with outdated authentication strategies

15/09/2023 at 07:33 By Help Net Security

Despite authentication being a cornerstone of cybersecurity, risk mitigation strategies remain outdated, according to new research from Enzoic. With the attack surface expanding and the increasing sophistication of cyber threats, organizations are struggling to deliver secure and user-friendly authentication. The research uncovered
