vulnerability management

Why we must go beyond tooling and CVEs to illuminate security blind spots

CVE, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, runZero, vulnerability management /

Why we must go beyond tooling and CVEs to illuminate security blind spots 2025-07-18 at 09:41 By Help Net Security In April, the cybersecurity community held its breath as the Common Vulnerabilities and Exposures (CVE) program was plunged into a moment of existential crisis. In the end, an eleventh-hour reprieve saved the day. While CVEs […]

React to this headline:

Loading spinner

Why we must go beyond tooling and CVEs to illuminate security blind spots Read More »

Empirical Security Raises $12 Million for AI-Driven Vulnerability Management

Cybersecurity Funding, emerge from stealth, Empirical Security, funding, seed funding, vulnerability management /

Empirical Security Raises $12 Million for AI-Driven Vulnerability Management 2025-07-17 at 16:20 By Ionut Arghire Cybersecurity startup Empirical Security has raised $12 million in seed funding for its vulnerability management platform.  The post Empirical Security Raises $12 Million for AI-Driven Vulnerability Management appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

React to this headline:

Loading spinner

Empirical Security Raises $12 Million for AI-Driven Vulnerability Management Read More »

Exposure management is the answer to: “Am I working on the right things?”

cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, penetration testing, PlexTrac, strategy, vulnerability management /

Exposure management is the answer to: “Am I working on the right things?” 2025-07-08 at 09:07 By Mirko Zorz In this Help Net Security interview, Dan DeCloss, Founder and CTO at PlexTrac, discusses the role of exposure management in cybersecurity and how it helps organizations gain visibility into their attack surface to improve risk assessment

React to this headline:

Loading spinner

Exposure management is the answer to: “Am I working on the right things?” Read More »

Exposed and unaware? Smart buildings need smarter risk controls

automation, Claroty, digital transformation, News, remediation, report, risk, Risk Management, smart building, vulnerability management /

Exposed and unaware? Smart buildings need smarter risk controls 2025-07-04 at 08:01 By Help Net Security 75% of organizations have building management systems (BMS) affected by known exploited vulnerabilities (KEVs), according to Claroty. The post Exposed and unaware? Smart buildings need smarter risk controls appeared first on Help Net Security. This article is an excerpt

React to this headline:

Loading spinner

Exposed and unaware? Smart buildings need smarter risk controls Read More »

48% of security pros are falling behind compliance requirements

Artificial Intelligence, Lineaje, News, open source, report, software, supply chain, survey, vulnerability management /

48% of security pros are falling behind compliance requirements 2025-06-02 at 07:07 By Help Net Security 32% of security professionals think they can deliver zero-vulnerability software despite rising threats and compliance regulations, according to Lineaje. Meanwhile, 68% are more realistic, noting they feel uncertain about achieving this near impossible outcome. Software compliance adoption varies across

React to this headline:

Loading spinner

48% of security pros are falling behind compliance requirements Read More »

NIST proposes new metric to gauge exploited vulnerabilities

CISA, CISO, Don't miss, News, NIST, patching, security metrics, vulnerability assessment, vulnerability management /

NIST proposes new metric to gauge exploited vulnerabilities 2025-05-26 at 08:06 By Help Net Security NIST has introduced a new way to estimate which software vulnerabilities have likely been exploited, and it’s calling on the cybersecurity community to help improve and validate the method. The new metric, “Likely Exploited Vulnerabilities” (LEV), aims to close a

React to this headline:

Loading spinner

NIST proposes new metric to gauge exploited vulnerabilities Read More »

EU Cybersecurity Agency ENISA Launches European Vulnerability Database

ENISA, EU, EUVD, Vulnerabilities, vulnerability database, vulnerability management /

EU Cybersecurity Agency ENISA Launches European Vulnerability Database 2025-05-14 at 15:02 By Eduard Kovacs Experts say the European Vulnerability Database, or EUVD, should be a good resource, but only if ENISA manages to maintain it properly. The post EU Cybersecurity Agency ENISA Launches European Vulnerability Database appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

EU Cybersecurity Agency ENISA Launches European Vulnerability Database Read More »

What a future without CVEs means for cyber defense

CVE, cybersecurity, Don't miss, Expert analysis, Expert corner, Hack The Box, Hot stuff, News, opinion, vulnerability management /

What a future without CVEs means for cyber defense 2025-05-06 at 11:31 By Help Net Security The importance of the MITRE-run Common Vulnerabilities and Exposures (CVE) Program shouldn’t be understated. For 25 years, it has acted as the point of reference for cybersecurity professionals to understand and mitigate security flaws. By providing a standardized method

React to this headline:

Loading spinner

What a future without CVEs means for cyber defense Read More »

What it really takes to build a resilient cyber program

CISO, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, Nightwing, opinion, regulation, strategy, tips, vulnerability management /

What it really takes to build a resilient cyber program 2025-05-06 at 08:32 By Mirko Zorz In this Help Net Security interview, Dylan Owen, CISO at Nightwing, talks about what it really takes to build an effective defense: choosing the right frameworks, setting up processes, and getting everyone on the same page. Drawing on both

React to this headline:

Loading spinner

What it really takes to build a resilient cyber program Read More »

Review: Effective Vulnerability Management

Aquia, books, Don't miss, News, Reviews, skill development, strategy, tips, vulnerability management /

Review: Effective Vulnerability Management 2025-05-05 at 08:03 By Mirko Zorz Effective Vulnerability Management offers a view of a key part of cybersecurity, showing how practices, tools, and processes can help organizations reduce risk. About the authors Chris Hughes is the President of Aquia, a cybersecurity leader with 20 years of public and private sector experience,

React to this headline:

Loading spinner

Review: Effective Vulnerability Management Read More »

Investing in security? It’s not helping you fix what matters faster

cybersecurity, News, report, Seemplicity, survey, vulnerability management /

Investing in security? It’s not helping you fix what matters faster 2025-04-29 at 07:30 By Help Net Security Automation and structured collaboration have a strong, positive influence on the efficiency of vulnerability management, according to Seemplicity. However, manual processes, unstructured workflows, and excessive noise from vulnerability scanning tools continue to slow remediation efforts, leading to

React to this headline:

Loading spinner

Investing in security? It’s not helping you fix what matters faster Read More »

Securing digital products under the Cyber Resilience Act

Codific, Compliance, cybersecurity, data, Data Protection, Don't miss, EU, Features, Hot stuff, News, opinion, regulation, vulnerability management /

Securing digital products under the Cyber Resilience Act 2025-04-18 at 08:37 By Mirko Zorz In this Help Net Security interview, Dr. Dag Flachet, co-founder at Codific, explains what the Cyber Resilience Act (CRA) means for companies and how it compares to GDPR in terms of regulatory complexity and impact on organizations. He discusses the technical

React to this headline:

Loading spinner

Securing digital products under the Cyber Resilience Act Read More »

Microsoft vulnerabilities: What’s improved, what’s at risk

BeyondTrust, cybersecurity, Microsoft, News, patching, report, vulnerability management /

Microsoft vulnerabilities: What’s improved, what’s at risk 2025-04-17 at 08:02 By Help Net Security Microsoft reported a record 1,360 vulnerabilities in 2024, according to the latest BeyondTrust Microsoft Vulnerabilities Report. The volume marks an 11% increase from the previous record in 2022 and fits within a broader post-pandemic trend: more vulnerabilities, more products, and more

React to this headline:

Loading spinner

Microsoft vulnerabilities: What’s improved, what’s at risk Read More »

Funding uncertainty may spell the end of MITRE’s CVE program

CardinalOps, CVE, Don't miss, Edera, Hot stuff, MITRE, News, VulnCheck, vulnerability disclosure, vulnerability management /

Funding uncertainty may spell the end of MITRE’s CVE program 2025-04-16 at 14:56 By Zeljka Zorz The future of the Common Vulnerabilities and Exposures (CVE) program hangs in the balance: MITRE, the not-for-profit US organization that runs it, could lose the US federal funding that helps them maintain it. But others have been waiting in

React to this headline:

Loading spinner

Funding uncertainty may spell the end of MITRE’s CVE program Read More »

94% of firms say pentesting is essential, but few are doing it right

Cobalt, cybersecurity, generative AI, News, report, survey, vulnerability management /

94% of firms say pentesting is essential, but few are doing it right 2025-04-15 at 08:05 By Help Net Security Organizations are fixing less than half of all exploitable vulnerabilities, with just 21% of GenAI app flaws being resolved, according to Cobalt. Big firms take longer to fix pentest issues 94% of firms view pentesting

React to this headline:

Loading spinner

94% of firms say pentesting is essential, but few are doing it right Read More »

Only 2-5% of application security alerts require immediate action

Application Security, cybersecurity, Don't miss, News, Ox Security, report, survey, vulnerability management /

Only 2-5% of application security alerts require immediate action 2025-03-31 at 07:51 By Help Net Security The large volume of security alerts, many created by automated tools, is overwhelming security and development teams, according to the 2025 Application Security Benchmark report by Ox Security. The report is based on an analysis of over 101 million

React to this headline:

Loading spinner

Only 2-5% of application security alerts require immediate action Read More »

Critical vulnerabilities remain unresolved due to prioritization gaps

cybersecurity, News, report, survey, Swimlane, vulnerability management /

Critical vulnerabilities remain unresolved due to prioritization gaps 2025-01-16 at 06:19 By Help Net Security Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabilities is pushing security teams to their limits, forcing

React to this headline:

Loading spinner

Critical vulnerabilities remain unresolved due to prioritization gaps Read More »

Time for a change: Elevating developers’ security skills

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, skill development, software development, Symbiotic Security, vulnerability management /

Time for a change: Elevating developers’ security skills 2025-01-13 at 06:07 By Help Net Security Organizations don’t know their software engineers’ security skills because they don’t assess them in the interview process. Trying to do that in an interview is challenging, of course, given the time it takes for a proper assessment. However, given the

React to this headline:

Loading spinner

Time for a change: Elevating developers’ security skills Read More »

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report

vulnerability, vulnerability management /

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report 2025-01-10 at 09:35 By Ashish Khaitan Overview  This week’s ICS vulnerability report sheds light on multiple flaws detected between January 01, 2025, to January 07, 2025. The report offers crucial insights into the cybersecurity challenges faced by organizations. It draws attention to the vulnerabilities identified by the

React to this headline:

Loading spinner

Critical ICS Vulnerabilities Uncovered in Weekly Vulnerability Report Read More »

CISA Releases Two New Industrial Control Systems Advisories for 2025

vulnerability, vulnerability management /

CISA Releases Two New Industrial Control Systems Advisories for 2025 2025-01-08 at 14:12 By Ashish Khaitan Overview  The Cybersecurity and Infrastructure Security Agency (CISA) released two critical Industrial Control Systems (ICS) advisories. These advisories, ICSA-25-007-01 and ICSA-25-007-02, aim to inform users and administrators about vulnerabilities in key ICS products. The goal is to mitigate potential

React to this headline:

Loading spinner

CISA Releases Two New Industrial Control Systems Advisories for 2025 Read More »

Scroll to Top