vulnerability management

What a future without CVEs means for cyber defense

What a future without CVEs means for cyber defense 2025-05-06 at 11:31 By Help Net Security The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for cybersecurity professionals to understand and mitigate security flaws. By providing a standardized method […]

React to this headline:

Loading spinner

What a future without CVEs means for cyber defense Read More »

What it really takes to build a resilient cyber program

What it really takes to build a resilient cyber program 2025-05-06 at 08:32 By Mirko Zorz In this Help Net Security interview, Dylan Owen, CISO at Nightwing, talks about what it really takes to build an effective defense: choosing the right frameworks, setting up processes, and getting everyone on the same page. Drawing on both

React to this headline:

Loading spinner

What it really takes to build a resilient cyber program Read More »

Review: Effective Vulnerability Management

Review: Effective Vulnerability Management 2025-05-05 at 08:03 By Mirko Zorz Effective Vulnerability Management offers a view of a key part of cybersecurity, showing how practices, tools, and processes can help organizations reduce risk. About the authors Chris Hughes is the President of Aquia, a cybersecurity leader with 20 years of public and private sector experience,

React to this headline:

Loading spinner

Review: Effective Vulnerability Management Read More »

Investing in security? It’s not helping you fix what matters faster

Investing in security? It’s not helping you fix what matters faster 2025-04-29 at 07:30 By Help Net Security Automation and structured collaboration have a strong, positive influence on the efficiency of vulnerability management, according to Seemplicity. However, manual processes, unstructured workflows, and excessive noise from vulnerability scanning tools continue to slow remediation efforts, leading to

React to this headline:

Loading spinner

Investing in security? It’s not helping you fix what matters faster Read More »

Securing digital products under the Cyber Resilience Act

Securing digital products under the Cyber Resilience Act 2025-04-18 at 08:37 By Mirko Zorz In this Help Net Security interview, Dr. Dag Flachet, co-founder at Codific, explains what the Cyber Resilience Act (CRA) means for companies and how it compares to GDPR in terms of regulatory complexity and impact on organizations. He discusses the technical

React to this headline:

Loading spinner

Securing digital products under the Cyber Resilience Act Read More »

Microsoft vulnerabilities: What’s improved, what’s at risk

Microsoft vulnerabilities: What’s improved, what’s at risk 2025-04-17 at 08:02 By Help Net Security Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more

React to this headline:

Loading spinner

Microsoft vulnerabilities: What’s improved, what’s at risk Read More »

Funding uncertainty may spell the end of MITRE’s CVE program

Funding uncertainty may spell the end of MITRE’s CVE program 2025-04-16 at 14:56 By Zeljka Zorz The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in

React to this headline:

Loading spinner

Funding uncertainty may spell the end of MITRE’s CVE program Read More »

94% of firms say pentesting is essential, but few are doing it right

94% of firms say pentesting is essential, but few are doing it right 2025-04-15 at 08:05 By Help Net Security Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix pentest issues 94% of firms view pentesting

React to this headline:

Loading spinner

94% of firms say pentesting is essential, but few are doing it right Read More »

Only 2-5% of application security alerts require immediate action

Only 2-5% of application security alerts require immediate action 2025-03-31 at 07:51 By Help Net Security The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security. The report is based on an analysis of over 101 million

React to this headline:

Loading spinner

Only 2-5% of application security alerts require immediate action Read More »

Critical vulnerabilities remain unresolved due to prioritization gaps

Critical vulnerabilities remain unresolved due to prioritization gaps 2025-01-16 at 06:19 By Help Net Security Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabilities is pushing security teams to their limits, forcing

React to this headline:

Loading spinner

Critical vulnerabilities remain unresolved due to prioritization gaps Read More »

Time for a change: Elevating developers’ security skills

Time for a change: Elevating developers’ security skills 2025-01-13 at 06:07 By Help Net Security Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the

React to this headline:

Loading spinner

Time for a change: Elevating developers’ security skills Read More »

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report 2025-01-10 at 09:35 By Ashish Khaitan Overview  This week’s ICS vulnerability report sheds light on multiple flaws detected between January 01, 2025, to January 07, 2025. The report offers crucial insights into the cybersecurity challenges faced by organizations. It draws attention to the vulnerabilities identified by the

React to this headline:

Loading spinner

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report Read More »

CISA Releases Two New Industrial Control Systems Advisories for 2025

CISA Releases Two New Industrial Control Systems Advisories for 2025 2025-01-08 at 14:12 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories. These advisories, ICSA-25-007-01 and ICSA-25-007-02, aim to inform users and administrators about vulnerabilities in key ICS products. The goal is to mitigate potential

React to this headline:

Loading spinner

CISA Releases Two New Industrial Control Systems Advisories for 2025 Read More »

Tenable Nessus Bug and LDAP RCE: What You Need to Know

Tenable Nessus Bug and LDAP RCE: What You Need to Know 2025-01-07 at 12:48 By Ashish Khaitan Overview  JoCERT has alerted the global cybersecurity community about two critical issues requiring urgent attention from IT professionals and system administrators. The first involves Tenable Nessus Agents, a widely-used vulnerability scanning tool, while the second concerns a critical

React to this headline:

Loading spinner

Tenable Nessus Bug and LDAP RCE: What You Need to Know Read More »

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers 2025-01-03 at 14:33 By Ashish Khaitan Overview  Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Vulnerability Insights report, offering a detailed overview of the critical vulnerabilities discovered between December 25, 2024, and December 31, 2024. The report highlights key security threats

React to this headline:

Loading spinner

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers Read More »

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services 2025-01-03 at 12:36 By Ashish Khaitan Overview  The Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding a critical security vulnerability in the WPForms plugin for WordPress. The flaw, identified as CVE-2024-11205, could allow attackers to bypass authorization controls and

React to this headline:

Loading spinner

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services Read More »

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls 

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  2025-01-02 at 14:30 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393, a Palo Alto Networks PAN-OS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts the DNS Security feature

React to this headline:

Loading spinner

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  Read More »

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation 2024-12-31 at 14:51 By Ashish Khaitan Overview The Cybersecurity and Infrastructure Security Agency (CERT-In) released an urgent vulnerability note (CIVN-2024-0360) concerning several critical VibeBP vulnerabilities . These vulnerabilities in VibeBP pose online risk to website owners using affected versions, and they could lead to

React to this headline:

Loading spinner

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation Read More »

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 2024-12-31 at 10:56 By Ashish Khaitan Overview  The Cyber Security Agency of Singapore (CSA) has alerted users of multiple vulnerabilities in Apache software. According to the alert, three Apache vulnerabilities have been reported, including CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. In late 2024, the Apache

React to this headline:

Loading spinner

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 Read More »

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges 2024-12-02 at 07:12 By Mirko Zorz In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that

React to this headline:

Loading spinner

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges Read More »

Scroll to Top