Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-47813 is an information disclosure vulnerability in Wing FTP Server that reveals the application's full installation path when attackers send an oversized UID cookie value. CISA added it to the Known Exploited Vulnerabilities (KEV) catalog in March 2026, indicating active exploitation in the wild.

Editor's note: This guest article by Tanium Senior Sirector, Product Management, Julia Grunewald was originally published in SC Media Exposure management has emerged as a powerful alternative to traditional vulnerability management for good reason. A proactive, always‑on security discipline that continuously identifies an organization’s exposures and prioritizes them based on risk helps us know where to best focus our limited resources.

A vulnerability assessment is a systematic process for identifying, classifying, and prioritizing security weaknesses across an organization's IT infrastructure, software, and hardware before attackers can exploit them.

Editor's note: The following guest contribution is by Tanium Domain Acrchitect, Jim Kelly Think about your last security event. Was your team confident nothing was missed? Were there questions about where else this could have left persistence? Most often we are left with uncertainty. That uncertainty can show up in every serious incident. An alert fires, the SOC responds. The immediate threat looks like it is contained.

Threat and vulnerability management (TVM) is a continuous, risk-based cybersecurity discipline that combines vulnerability assessment with threat intelligence to identify, prioritize, and remediate security weaknesses before attackers can exploit them. Rather than treating vulnerability scanning and threat detection as separate activities, TVM integrates both into a unified lifecycle that connects visibility, context, action, and validation.

AI compliance is a continuous, risk-based governance discipline that spans the entire AI lifecycle including data, models, and operations.

Executive Summary: The Notepad++ update process was compromised by a supply chain attack, and users are strongly advised to upgrade to version 8.8.9 or later to ensure their security.

A security patch is a software update that fixes a vulnerability (like an exploitable bug or design flaw) in software to protect it from cyberattacks. Applying security patches is an essential practice for bolstering cybersecurity, reducing risk, and ensuring compliance.

User-installable extensions for Visual Studio Code, Cursor, and other Integrated Development Environments are an increasingly exploited attack vector, with new malicious extensions discovered almost weekly. Do you have visibility and control?