vulnerability management

The Week in Vulnerabilities: Juniper, Cisco SD-WAN, and Critical ICS Exposure

2026-03-20 at 11:15 By Ashish Khaitan

Cyble Research & Intelligence Labs (CRIL) tracked 1,641 vulnerabilities between March 04 and March 10, 2026. Of these, 175 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks. A total of 200 vulnerabilities were rated critical under CVSS v3.1, while 61 […]

Open-source security debt grows across commercial software

2026-02-26 at 08:36 By Mirko Zorz

Open source code sits inside nearly every commercial application, and development teams continue to add new dependencies. Black Duck’s 2026 Open Source Security and Risk Analysis Report data shows that nearly all audited codebases contain open source components, with average component counts

The Week in Vulnerabilities: WordPress, BeyondTrust, and Critical ICS Bugs

2026-02-25 at 15:20 By Ashish Khaitan

Cyble Research & Intelligence Labs (CRIL) tracked 1,102 vulnerabilities last week. Of these, 166 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks. A total of 49 vulnerabilities were rated critical under CVSS v3.1, while 32 received critical

The Week in Vulnerabilities: SolarWinds, Ivanti, and Critical ICS Exposure

2026-02-19 at 14:07 By Ashish Khaitan

Cyble Research & Intelligence Labs (CRIL) tracked 1,158 vulnerabilities last week. Of these, 251 vulnerabilities already have publicly available Proof-of-Concept (PoC) exploits, significantly increasing the likelihood of real-world attacks. A total of 94 vulnerabilities were rated critical under CVSS v3.1, while 43 were rated

The hidden cost of putting off security decisions

2026-02-06 at 08:01 By Help Net Security

In this Help Net Security video, Hanah Darley, Chief AI Officer, Geordie AI, talks about how putting off security risk decisions creates long-term costs that often stay hidden. Drawing on her work with CISOs and security leaders, she shows how

CISA confirms exploitation of VMware ESXi flaw by ransomware attackers

2026-02-05 at 18:17 By Zeljka Zorz

CVE-2025-22225, a VMware ESXi arbitrary write vulnerability, is being used in ransomware campaigns, CISA confirmed on Wednesday by updating the vulnerability’s entry in its Known Exploited Vulnerabilities (KEV) catalog. Researchers linked VMware ESXi zero-day trio to single exploit toolkit

Nullify Secures $12.5 Million in Seed Funding for Cybersecurity AI Workforce

2026-02-05 at 15:02 By Eduard Kovacs

This latest infusion, led by SYN Ventures, brings the company’s total funding to $16.9 million. The post Nullify Secures $12.5 Million in Seed Funding for Cybersecurity AI Workforce appeared first on SecurityWeek. This article is an excerpt from

RapidFort Raises $42M to Automate Software Supply Chain Security

2026-02-03 at 17:01 By Eduard Kovacs

The company will use the latest capital to scale its go-to-market efforts and expand its platform’s capabilities. The post RapidFort Raises $42M to Automate Software Supply Chain Security appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

The Week in Vulnerabilities: Open-Sources Fixes Urged by Cyble

2026-02-03 at 15:15 By Ashish Khaitan

Cyble Vulnerability Intelligence researchers tracked 1,147 vulnerabilities in the last week, and more than 128 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks. A total of 108 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 54 received a critical severity rating

Open-source attacks move through normal development workflows

2026-02-03 at 08:18 By Anamarija Pogorelec

Software development relies on a steady flow of third-party code, automated updates, and fast release cycles. That environment has made the software supply chain a routine point of entry for attackers, with malicious activity blending into normal build and deployment processes. A

Aisy Launches Out of Stealth to Transform Vulnerability Management

2026-01-30 at 17:19 By Kevin Townsend

Aisy has emerged from stealth mode with $2.3 million in seed funding for its AI-assisted platform. The post Aisy Launches Out of Stealth to Transform Vulnerability Management appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Open-source malware zeroes in on developer environments

2026-01-29 at 08:36 By Anamarija Pogorelec

Open source malware activity during 2025 concentrated on a single objective: executing code inside developer environments, according to Sonatype. The focus reflected a broader shift in supply chain attacks away from end users and toward the tools, machines, and pipelines used to

The Week in Vulnerabilities: Cyble Urges Oracle, OpenStack Fixes

2026-01-28 at 12:33 By Ashish Khaitan

Cyble Vulnerability Intelligence researchers tracked 1,031 vulnerabilities in the last week, and nearly 200 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. A total of 72 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 33 received a critical severity rating based on

The 2026 State of Pentesting: Why delivery and follow-through matter more than ever

2026-01-21 at 07:34 By Help Net Security

Penetration testing has evolved significantly over the past several years. While uncovering exploitable vulnerabilities remains the core goal, the real differentiator today is how findings are handled after the testing concludes. The method of reporting,

The Week in Vulnerabilities: 2026 Starts with 100 PoCs and New Exploits 

2026-01-09 at 13:39 By Ashish Khaitan

Cyble Vulnerability Intelligence researchers tracked 678 vulnerabilities in the last week, a decline from the high volume of new vulnerabilities observed in the last few weeks of 2025. Nearly 100 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. A total of 42 vulnerabilities were rated as critical under

Singapore Cyber Agency Warns of Critical IBM API Connect Vulnerability (CVE-2025-13915) 

2026-01-06 at 10:01 By Ashish Khaitan

Overview: The Cyber Security Agency of Singapore has issued an alert regarding a critical vulnerability affecting IBM API Connect, following the release of official security updates by IBM on 2 January 2026. The flaw, tracked as CVE-2025-13915, carries a CVSS v3.1 base score of 9.8, placing

CISA Known Exploited Vulnerabilities Surged 20% in 2025 

2026-01-02 at 14:43 By Ashish Khaitan

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyberattacks. The agency removed at least one vulnerability from the catalog in 2025 – CVE-2025-6264, a Velociraptor Incorrect Default Permissions vulnerability that CISA determined had

The Week in Vulnerabilities: The Year Ends with an Alarming New Trend 

2025-12-31 at 11:30 By Ashish Khaitan

Cyble Vulnerability Intelligence researchers tracked 1,782 vulnerabilities in the last week, the third straight week that new vulnerabilities have been growing at twice their long-term rate. Over 282 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities. A total of 207 vulnerabilities were rated as critical under the CVSS

LLMs can assist with vulnerability scoring, but context still matters

2025-12-26 at 08:26 By Sinisa Markovic

Every new vulnerability disclosure adds another decision point for already stretched security teams. A recent study explores whether LLMs can take on part of that burden by scoring vulnerabilities at scale. While the results show promise in specific areas,

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge 

2025-12-23 at 14:47 By Ashish Khaitan

Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week’s very high number of new vulnerabilities. The increase signals a heightened risk landscape and expanding attack surface in the current threat environment. Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks.
