%term

What are Zero-Day Attacks?

Apr 1, 2025 By Indusface In Indusface

A Zero-Day Attack occurs when hackers exploit a previously unknown vulnerability in software or hardware before the developer has a chance to fix it. These attacks are particularly dangerous because there is no defense in place when they occur. In this video, we explain how Zero-Day attacks work and how you can protect your systems from these hidden threats.

View Video

Indusface

Read more about What are Zero-Day Attacks?

Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

Mar 31, 2025 By Wallarm In Wallarm

Despite advancements in API security, access control vulnerabilities, such as broken object-level authentication (BOLA) and broken function-level authentication (BFLA), remain almost impossible to detect. This blog will explore why these vulnerabilities are so difficult to detect, the limitations of current security tools, and the implications for businesses relying on API-driven applications. It will also discuss potential approaches for improving API security posture.

Read Post

Wallarm

Read more about Unsolved Challenge: Why API Access Control Vulnerabilities Remain a Major Security Risk

CVE-2017-12637: Exploitation of SAP NetWeaver Directory Traversal Vulnerability

Mar 31, 2025 By Deepak Kumar Choudhary In Indusface

On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.

Read Post

Indusface

Read more about CVE-2017-12637: Exploitation of SAP NetWeaver Directory Traversal Vulnerability

Why Vulnerability Management Is AI's Biggest Untapped Opportunity

Mar 31, 2025 By Kevin Swan In Seemplicity

The security industry has reached a turning point with AI. It’s no longer just hype, as AI has now become a critical part of day-to-day cybersecurity operations. According to The Rise of AI-Powered Vulnerability Management, the latest report from Seemplicity and Dark Reading, 86% of security teams now use some form of AI in their security stack. More than half of respondents say AI is already crucial to their work.

Read Post

Seemplicity

Read more about Why Vulnerability Management Is AI's Biggest Untapped Opportunity

The CRITICAL Next.js Vulnerability you NEED to be aware of...

Mar 31, 2025 By Snyk In Snyk

A major security flaw has been discovered in Next.js, potentially leaving thousands of applications vulnerable to attacks. In this video, we will be uncovering how this vulnerability was discovered, who is impacted by it and what you can do to secure your applications.

View Video

Snyk

Read more about The CRITICAL Next.js Vulnerability you NEED to be aware of...

Datadog and ISMG -- Securing the Cloud: Mitigating Vulnerabilities for US Public Sector

Mar 31, 2025 By Datadog In Datadog

View Video

Datadog

Read more about Datadog and ISMG -- Securing the Cloud: Mitigating Vulnerabilities for US Public Sector

Securing AI: How Mend.io & OWASP Are Making AI Safer for Enterprises #securitymanagement #shorts

Mar 29, 2025 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Securing AI: How Mend.io & OWASP Are Making AI Safer for Enterprises #securitymanagement #shorts

SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

Mar 28, 2025 By SquareX

From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the attack.

Read Post

Read more about SquareX Discloses Browser-Native Ransomware that Puts Millions at Risk

Kubernetes IngressNightmare Vulnerabilities: What You Need to Know

Mar 28, 2025 By CrowdStrike Engineering In CrowdStrike

We would like to recognize Amit Serper, Travis Lowe, Tony Gore, Adrian Godoy, Mihai Vasilescu, Suraj Sahu, Pablo Ramos, Raj Jammalamadaka, Lacie Griffin, and Josh Grunzweig for their contributions in authoring this publication. CrowdStrike is committed to protecting our customers from the latest disclosed vulnerabilities. We are actively monitoring activity surrounding “IngressNightmare,” the name given to recently identified vulnerabilities in the Kubernetes (K8s) ingress-nginx controller.

Read Post

CrowdStrike

Read more about Kubernetes IngressNightmare Vulnerabilities: What You Need to Know

Merge, Track, and Automate Your Asset Inventory with Nucleus

Mar 28, 2025 By Ryan Cribelar In Nucleus

All the major vulnerability scanning vendors have strengths, but asset tracking isn’t one of them. Some workarounds exist. However, if you are using one of the most popular vulnerability scanning tools, it’s likely you will struggle with asset tracking.

Read Post