Understanding CVSS 4.0 and the Future of Vulnerability Scoring

The Common Vulnerability Scoring System (CVSS) has been the industry’s go-to framework for assessing vulnerability severity for nearly two decades. It provides a standardized way to measure and communicate the technical impact of a vulnerability. As threat landscapes evolve and organizations mature in their vulnerability management practices, questions about its relevance and limitations persist. That even led to our co-founder, Scott Kuffer, writing a defense of the algorithm earlier this year.

CVSS 4.0 and its Evolving Role in Vulnerability Management

Adam Dudley, Nucleus VP of Strategy and Alliances, provides some background on the Common Vulnerability Scoring System (CVSS) version 4.0 in this Nucleus conversation. He discusses the improvements made in the new version, the evolving role of CVSS in vulnerability management, the limitations practitioners face, and the future of scoring systems in the context of emerging technologies like AI. The conversation emphasizes the importance of context and quality inputs in effectively utilizing CVSS for risk assessment.

Data Overload in the AI Era: Why Aggregation and Prioritization Are Non-Negotiable

AI was supposed to make our lives easier. Vendors promised it would cut through complexity, detect threats faster, and lighten the load on already overworked security teams. But if you’ve been paying attention, you know the truth: AI has given us more noise than ever. Corey Brunkow from Horizon3.ai joined Nucleus co-founder and CPO, Scott Kuffer, to unpack this problem during a recent webinar. AI helps attackers move faster, but on the defensive side, it’s created a flood of data.

Risk-Based Vulnerability Management is the Engine Behind Modern CTEM Programs

Traditional vulnerability management once centered on scanning, enumerating, and remediating … and then repeating the process. In contrast, today’s enterprise attack surfaces shift by the hour. Cloud assets spin up and down. Business units deploy new SaaS tools overnight. Adversaries weaponize proof-of-concept exploits in days, or sometimes hours. Static, reactive processes can’t keep up.

When Attackers Weaponize AI and Defenders Fight Back with Smarter Remediation

Artificial intelligence is transforming cybersecurity, and not always for the better. Attackers are now weaponizing AI to speed up reconnaissance, create exploit code, and bypass traditional defenses. Security teams can’t afford to rely on outdated vulnerability management practices. In this webinar, Scott Kuffer (COO, Nucleus Security) and Corey Brunkow (Director of Federal Operations, Horizon3.ai) break down how AI is changing the threat landscape and what defenders can do to stay ahead.

Exploitability as the Countdown Clock: Prioritizing Vulnerabilities Before Time Runs Out

In vulnerability management, every scan tells a story. The truth is that only some of those stories matter right now, and the challenge isn’t finding vulnerabilities. It’s knowing which ones are about to cost you. If you’re dealing with hundreds of vulnerabilities per asset, especially if you’ve adopted cloud solutions, you’re not alone. That’s become the norm. But you can’t patch everything, and you shouldn’t even try.

Operationalizing Exposure Remediation Across Teams

Exposure management doesn’t end when you discover and prioritize vulnerabilities. The real measure of success is whether you’ve effectively remediated those exposures. Too often, security teams identify risks but struggle to see them resolved because remediation processes aren’t aligned across people, tools, and workflows. Exposure remediation best practices address this gap, ensuring that insights lead to action and that action drives measurable risk reduction.

Nucleus Momentum Validated Across Three Industry Analyst Reports

It’s one thing for us to say Nucleus is changing how enterprises address vulnerability and exposure management. It’s another when three different analyst firms all say it, and at the same time. In recent weeks, Forrester, IDC, and GigaOm each published their latest market evaluations, recognizing Nucleus in all three. That’s rare validation in a market where many vendors don’t even make the cut for inclusion.