vulnerability management

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge 

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge  2025-12-23 at 14:47 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 2,415 vulnerabilities in the last week, a significant increase over even last week’s very high number of new vulnerabilities. The increase signals a heightened risk landscape and expanding attack surface in the current threat environment.  Over 300 of the disclosed vulnerabilities already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks.  […]

The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge  Read More »

Why vulnerability reports stall inside shared hosting companies

Why vulnerability reports stall inside shared hosting companies 2025-12-17 at 09:24 By Mirko Zorz Security teams keep sending vulnerability notifications, and the same pattern keeps repeating. Many alerts land, few lead to fixes. A new qualitative study digs into what happens after those reports arrive and explains why remediation so often stops short. The research

Why vulnerability reports stall inside shared hosting companies Read More »

Dux Emerges From Stealth Mode With $9 Million in Funding

Dux Emerges From Stealth Mode With $9 Million in Funding 2025-12-17 at 09:24 By Ionut Arghire The startup takes an agentic approach to preventing vulnerability exploitation by uncovering exposure across assets. The post Dux Emerges From Stealth Mode With $9 Million in Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Dux Emerges From Stealth Mode With $9 Million in Funding Read More »

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation 2025-12-16 at 11:38 By Ashish Khaitan Last week’s reports from Cyble Research & Intelligence Labs (CRIL) to clients highlighted new flaws from December 03 through December 09, 2025, including newly disclosed IT vulnerabilities, ICS vulnerabilities, active exploitation attempts, and dark-web discussions around weaponized CVEs. Drawing from CISA alerts, CRIL’s global sensor network, and Cyble’s vulnerability intelligence

The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation Read More »

LLM vulnerability patching skills remain limited

LLM vulnerability patching skills remain limited 2025-12-11 at 08:47 By Sinisa Markovic Security teams are wondering whether LLMs can help speed up patching. A new study tests that idea and shows where the tools hold up and where they fall short. The researchers tested LLMs from OpenAI, Meta, DeepSeek, and Mistral to see how well

LLM vulnerability patching skills remain limited Read More »

The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes

The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes 2025-12-10 at 08:53 By Ashish Khaitan Cyble Vulnerability Intelligence researchers tracked 591 vulnerabilities in the last week, and more than 30 already have a publicly available Proof-of-Concept (PoC), significantly increasing the likelihood of real-world attacks on those vulnerabilities.  A total of 69 vulnerabilities were rated as critical under the CVSS v3.1 scoring system, while 26 received a critical severity

The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes Read More »

Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability 

Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability  2025-12-10 at 08:53 By Ashish Khaitan The vulnerability disclosure cycle has entered a new era, one where the gap between publication and weaponization is measured in minutes, not days. It has been confirmed that China-nexus threat actors began actively exploiting a critical React Server Components flaw, React2Shell,

Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability  Read More »

Fragmented tooling slows vulnerability management

Fragmented tooling slows vulnerability management 2025-11-28 at 07:32 By Anamarija Pogorelec Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new report by Hackuity. Fragmented detection and slow remediation Organizations use a formalized approach to manage vulnerabilities, but their

Fragmented tooling slows vulnerability management Read More »

Enterprises are losing track of the devices inside their networks

Enterprises are losing track of the devices inside their networks 2025-11-06 at 08:37 By Sinisa Markovic Security teams are often surprised when they discover the range and number of devices connected to their networks. The total goes far beyond what appears in agent-based telemetry or old manual asset inventories. Enterprise networks face broader exposure from

Enterprises are losing track of the devices inside their networks Read More »

VulnRisk: Open-source vulnerability risk assessment platform

VulnRisk: Open-source vulnerability risk assessment platform 2025-11-05 at 09:07 By Anamarija Pogorelec VulnRisk is an open-source platform for vulnerability risk assessment. It goes beyond basic CVSS scoring by adding context-aware analysis that reduces noise and highlights what matters. The tool is free to use and designed for local development and testing. The platform’s scoring engine

VulnRisk: Open-source vulnerability risk assessment platform Read More »

Product showcase: Cogent Community democratizes vulnerability intelligence with agentic AI

Product showcase: Cogent Community democratizes vulnerability intelligence with agentic AI 2025-11-03 at 18:13 By Help Net Security The volume of threat intelligence data has grown exponentially, but the ability to interpret and act on it has not. Every day brings new CVE disclosures, exploit releases, and vendor advisories. Teams are buried under overlapping feeds, inconsistent

Product showcase: Cogent Community democratizes vulnerability intelligence with agentic AI Read More »

SAP zero-day wake-up call: Why ERP systems need a unified defense

SAP zero-day wake-up call: Why ERP systems need a unified defense 2025-10-17 at 08:52 By Help Net Security In this Help Net Security video, Paul Laudanski, Director of Research at Onapsis, discusses key lessons from the SAP zero-day vulnerability. He explains why business-critical systems like ERP and CRM remain top targets for attackers, since they

SAP zero-day wake-up call: Why ERP systems need a unified defense Read More »

Mondoo Raises $17.5 Million for Vulnerability Management Platform

Mondoo Raises $17.5 Million for Vulnerability Management Platform 2025-09-30 at 15:37 By Eduard Kovacs Mondoo has raised more than $32 million in total, with the latest funding round led by HV Capital.  The post Mondoo Raises $17.5 Million for Vulnerability Management Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Mondoo Raises $17.5 Million for Vulnerability Management Platform Read More »

Behind the scenes of cURL with its founder: Releases, updates, and security

Behind the scenes of cURL with its founder: Releases, updates, and security 2025-09-18 at 09:01 By Mirko Zorz In this Help Net Security interview, Daniel Stenberg, lead developer od cURL, discusses how the widely used tool remains secure across billions of devices, from cloud services to IoT. He shares insights into cURL’s decades-long journey of

Behind the scenes of cURL with its founder: Releases, updates, and security Read More »

Cutting through CVE noise with real-world threat signals

Cutting through CVE noise with real-world threat signals 2025-09-04 at 09:02 By Sinisa Markovic CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall back on CVSS scores, which label thousands of flaws as “high” or

Cutting through CVE noise with real-world threat signals Read More »

The top CTEM platforms you should know in 2025

The top CTEM platforms you should know in 2025 2025-08-14 at 08:02 By Help Net Security Continuous Threat Exposure Management (CTEM) is a modern cybersecurity strategy originally coined by Gartner analysts, which focuses on identifying, prioritizing, validating, and mobilizing teams to reduce threat exposure across an organization’s full attack surface. It’s in a category of

The top CTEM platforms you should know in 2025 Read More »

Energy companies are blind to thousands of exposed services

Energy companies are blind to thousands of exposed services 2025-08-07 at 07:02 By Anamarija Pogorelec Many of America’s largest energy providers are exposed to known and exploitable vulnerabilities, and most security teams may not even see them, according to a new report from SixMap. Researchers assessed the external attack surface of 21 major energy companies,

Energy companies are blind to thousands of exposed services Read More »

CISOs say they’re prepared, their data says otherwise

CISOs say they’re prepared, their data says otherwise 2025-08-06 at 08:02 By Sinisa Markovic Most security teams believe they can act quickly when a threat emerges. But many don’t trust the very data they rely on to do so, and that’s holding them back. A new Axonius report, based on a survey of 500 U.S.-based

CISOs say they’re prepared, their data says otherwise Read More »

Tonic Security Launches With $7 Million in Seed Funding

Tonic Security Launches With $7 Million in Seed Funding 2025-07-30 at 12:03 By Ionut Arghire Tonic Security has emerged from stealth mode to tackle the complexity of exposure and vulnerability management. The post Tonic Security Launches With $7 Million in Seed Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original

Tonic Security Launches With $7 Million in Seed Funding Read More »

Root Evidence Launches With $12.5 Million in Seed Funding

Root Evidence Launches With $12.5 Million in Seed Funding 2025-07-28 at 15:39 By Ionut Arghire Root Evidence is developing fully integrated vulnerability scanning and attack surface management technology. The post Root Evidence Launches With $12.5 Million in Seed Funding appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Root Evidence Launches With $12.5 Million in Seed Funding Read More »

Scroll to Top