vulnerability management

Microsoft vulnerabilities: What’s improved, what’s at risk

BeyondTrust, cybersecurity, Microsoft, News, patching, report, vulnerability management /

Microsoft vulnerabilities: What’s improved, what’s at risk 2025-04-17 at 08:02 By Help Net Security Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more […]

React to this headline:

Loading spinner

Microsoft vulnerabilities: What’s improved, what’s at risk Read More »

Funding uncertainty may spell the end of MITRE’s CVE program

CardinalOps, CVE, Don't miss, Edera, Hot stuff, MITRE, News, VulnCheck, vulnerability disclosure, vulnerability management /

Funding uncertainty may spell the end of MITRE’s CVE program 2025-04-16 at 14:56 By Zeljka Zorz The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in

React to this headline:

Loading spinner

Funding uncertainty may spell the end of MITRE’s CVE program Read More »

94% of firms say pentesting is essential, but few are doing it right

Cobalt, cybersecurity, generative AI, News, report, survey, vulnerability management /

94% of firms say pentesting is essential, but few are doing it right 2025-04-15 at 08:05 By Help Net Security Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix pentest issues 94% of firms view pentesting

React to this headline:

Loading spinner

94% of firms say pentesting is essential, but few are doing it right Read More »

Only 2-5% of application security alerts require immediate action

Application Security, cybersecurity, Don't miss, News, Ox Security, report, survey, vulnerability management /

Only 2-5% of application security alerts require immediate action 2025-03-31 at 07:51 By Help Net Security The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security. The report is based on an analysis of over 101 million

React to this headline:

Loading spinner

Only 2-5% of application security alerts require immediate action Read More »

Critical vulnerabilities remain unresolved due to prioritization gaps

cybersecurity, News, report, survey, Swimlane, vulnerability management /

Critical vulnerabilities remain unresolved due to prioritization gaps 2025-01-16 at 06:19 By Help Net Security Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabilities is pushing security teams to their limits, forcing

React to this headline:

Loading spinner

Critical vulnerabilities remain unresolved due to prioritization gaps Read More »

Time for a change: Elevating developers’ security skills

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, skill development, software development, Symbiotic Security, vulnerability management /

Time for a change: Elevating developers’ security skills 2025-01-13 at 06:07 By Help Net Security Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the

React to this headline:

Loading spinner

Time for a change: Elevating developers’ security skills Read More »

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report

vulnerability, vulnerability management /

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report 2025-01-10 at 09:35 By Ashish Khaitan Overview  This week’s ICS vulnerability report sheds light on multiple flaws detected between January 01, 2025, to January 07, 2025. The report offers crucial insights into the cybersecurity challenges faced by organizations. It draws attention to the vulnerabilities identified by the

React to this headline:

Loading spinner

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report Read More »

CISA Releases Two New Industrial Control Systems Advisories for 2025

vulnerability, vulnerability management /

CISA Releases Two New Industrial Control Systems Advisories for 2025 2025-01-08 at 14:12 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories. These advisories, ICSA-25-007-01 and ICSA-25-007-02, aim to inform users and administrators about vulnerabilities in key ICS products. The goal is to mitigate potential

React to this headline:

Loading spinner

CISA Releases Two New Industrial Control Systems Advisories for 2025 Read More »

Tenable Nessus Bug and LDAP RCE: What You Need to Know

vulnerability, vulnerability management /

Tenable Nessus Bug and LDAP RCE: What You Need to Know 2025-01-07 at 12:48 By Ashish Khaitan Overview  JoCERT has alerted the global cybersecurity community about two critical issues requiring urgent attention from IT professionals and system administrators. The first involves Tenable Nessus Agents, a widely-used vulnerability scanning tool, while the second concerns a critical

React to this headline:

Loading spinner

Tenable Nessus Bug and LDAP RCE: What You Need to Know Read More »

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers

vulnerability, vulnerability management /

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers 2025-01-03 at 14:33 By Ashish Khaitan Overview  Cyble Research & Intelligence Labs (CRIL) has released its latest Weekly Vulnerability Insights report, offering a detailed overview of the critical vulnerabilities discovered between December 25, 2024, and December 31, 2024. The report highlights key security threats

React to this headline:

Loading spinner

Cyble Research Reports Critical Vulnerabilities Exposing Routers, Firewalls, and Web Servers Read More »

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services

cyber news, vulnerability, vulnerability management /

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services 2025-01-03 at 12:36 By Ashish Khaitan Overview  The Indian Computer Emergency Response Team (CERT-In) has issued an alert regarding a critical security vulnerability in the WPForms plugin for WordPress. The flaw, identified as CVE-2024-11205, could allow attackers to bypass authorization controls and

React to this headline:

Loading spinner

CERT-In Issues Alert on WPForms Vulnerability That Can Disrupt Payment and Subscription Services Read More »

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls 

vulnerability, vulnerability management /

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  2025-01-02 at 14:30 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-3393, a Palo Alto Networks PAN-OS Malformed DNS Packet vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability impacts the DNS Security feature

React to this headline:

Loading spinner

CISA Adds CVE-2024-3393 to Vulnerabilities Catalog: Palo Alto Networks PAN-OS DNS Packet Flaw Threatens Firewalls  Read More »

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation

cyber news, vulnerability, vulnerability management /

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation 2024-12-31 at 14:51 By Ashish Khaitan Overview The Cybersecurity and Infrastructure Security Agency (CERT-In) released an urgent vulnerability note (CIVN-2024-0360) concerning several critical VibeBP vulnerabilities . These vulnerabilities in VibeBP pose online risk to website owners using affected versions, and they could lead to

React to this headline:

Loading spinner

VibeBP WordPress Plugin Security Flaws Expose Sites to RCE and Privilege Escalation Read More »

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024

CSA, cyber news, vulnerability, vulnerability management /

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 2024-12-31 at 10:56 By Ashish Khaitan Overview  The Cyber Security Agency of Singapore (CSA) has alerted users of multiple vulnerabilities in Apache software. According to the alert, three Apache vulnerabilities have been reported, including CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046. In late 2024, the Apache

React to this headline:

Loading spinner

Cyber Security Agency of Singapore Warns of Exploited Apache Vulnerabilities in 2024 Read More »

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

Artificial Intelligence, CNA, CVE, cybersecurity, Don't miss, Features, Hot stuff, MITRE, News, opinion, vulnerability management /

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges 2024-12-02 at 07:12 By Mirko Zorz In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that

React to this headline:

Loading spinner

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges Read More »

The effect of compliance requirements on vulnerability management strategies

automation, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, Nucleus Security, opinion, patching, vulnerability management /

The effect of compliance requirements on vulnerability management strategies 2024-11-29 at 07:34 By Mirko Zorz In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements and how automation can streamline vulnerability management processes. Why

React to this headline:

Loading spinner

The effect of compliance requirements on vulnerability management strategies Read More »

NIST is chipping away at NVD backlog

CVE, Don't miss, Hot stuff, News, NIST, vulnerability assessment, vulnerability management /

NIST is chipping away at NVD backlog 2024-11-14 at 16:33 By Zeljka Zorz The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the NVD The

React to this headline:

Loading spinner

NIST is chipping away at NVD backlog Read More »

Risk hunting: A proactive approach to cyber threats

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, risk, Risk Management, vulnerability management, Zscaler /

Risk hunting: A proactive approach to cyber threats 2024-10-30 at 07:34 By Help Net Security Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn. Just consider

React to this headline:

Loading spinner

Risk hunting: A proactive approach to cyber threats Read More »

Defenders must adapt to shrinking exploitation timelines

0-day, Don't miss, exploit, Hot stuff, Mandiant, News, patching, report, vulnerability management /

Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that,

React to this headline:

Loading spinner

Defenders must adapt to shrinking exploitation timelines Read More »

Strengthening Kubernetes security posture with these essential steps

containers, cybersecurity, Don't miss, Features, Hot stuff, Kubernetes, News, open source, opinion, SparkFabrik, strategy, vulnerability management /

Strengthening Kubernetes security posture with these essential steps 2024-10-16 at 07:01 By Mirko Zorz In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many security risks in Kubernetes originate from vulnerable container images.

React to this headline:

Loading spinner

Strengthening Kubernetes security posture with these essential steps Read More »

Scroll to Top