%term

SAP Zero-Day CVE-2025-31324: Unauthenticated RCE in NetWeaver VCFRAMEWORK

May 15, 2025 By Deepak Kumar Choudhary In Indusface

SAP disclosed a critical RCE vulnerability(CVE-2025-31324) on April 24, 2025, impacting the Visual Composer Framework in NetWeaver Application Server Java, version 7.50. This flaw poses a serious risk to enterprises relying on SAP NetWeaver for their mission-critical operations. Unauthenticated attackers can exploit this vulnerability to upload and run arbitrary files on SAP servers, potentially resulting in complete system compromise.

Read Post

Indusface

Read more about SAP Zero-Day CVE-2025-31324: Unauthenticated RCE in NetWeaver VCFRAMEWORK

INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense

May 14, 2025 By INE Security

INE Security, a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders. With over 26,000 new CVEs documented in the past year, security teams are drowning in vulnerability alerts while facing exploit windows that have compressed to hours in many cases.

Read Post

Read more about INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense

OWASP Dependency Check: How Does It Work?

May 14, 2025 By Mend.io Communications In Mend

The Open Web Application Security Project (OWASP), is an online community that produces free, publicly available articles, methodologies, documentation, tools, and technologies in the field of web application security. Open source components have become an integral part of software development. According to Mend’s Risk Report, 96.8% of developers rely on open source components.

Read Post

Mend

Read more about OWASP Dependency Check: How Does It Work?

CVE-2025-32756: Exploitation of Critical Severity Zero-Day Vulnerability in Fortinet FortiVoice

May 13, 2025 By Julian Tuin In Arctic Wolf

On May 13, 2025, Fortinet published a security advisory on a critical severity stack-based overflow vulnerability, CVE-2025-32756, impacting FortiVoice, FortiCamera, FortiMail, FortiNDR, and FortiRecorder. The vulnerability allows remote unauthenticated threat actors to execute arbitrary code or commands via crafted HTTP requests. In the advisory Fortinet stated that the vulnerability has been exploited in the wild on FortiVoice.

Read Post

Arctic Wolf

Read more about CVE-2025-32756: Exploitation of Critical Severity Zero-Day Vulnerability in Fortinet FortiVoice

Bridging ASPM and Vulnerability Management for Scalable Application Security

May 13, 2025 By Nucleus Security In Nucleus

In this webinar, "Bridging ASPM and RBVM for Scalable AppSec," security leaders from Cycode and Nucleus explore how to unify application and infrastructure vulnerability management in complex, cloud-native environments.

View Video

Nucleus

Read more about Bridging ASPM and Vulnerability Management for Scalable Application Security

The best network vulnerability scanning tool in 2025

May 13, 2025 By akash.mj@zohocorp.com In ManageEngine

Cyberthreats are evolving, and unpatched vulnerabilities remain one of the biggest security risks for organizations. According to IBM’s 2024 Cost of a Data Breach Report, organizations that fail to patch known vulnerabilities face an average loss of $4.45 million per incident. Cybercriminals actively exploit outdated firmware and misconfigurations in network devices, making network vulnerability scanners an essential security tool.

Read Post

ManageEngine

Read more about The best network vulnerability scanning tool in 2025

Snyk @ RSAC 2025

May 12, 2025 By Snyk Team In Snyk

At RSAC 2025, Snyk focused on the future of cybersecurity, particularly the impact of generative AI on software security. We connected with key leaders and partners to advance this discussion and anticipate further progress in 2025.

Read Post

Snyk

Read more about Snyk @ RSAC 2025

Leveling Up AppSec: Overcome Vulnerability Management Challenges in Game Development

May 12, 2025 By Kevin Swan In Seemplicity

Game development studios face enormous pressure to deliver immersive, high-performance experiences on a rigid schedule, all while ensuring that every release meets the highest standards for quality and security. For security teams, keeping up with fast-moving codebases, short release cycles, and a flood of vulnerabilities is no easy feat.

Read Post

Seemplicity

Read more about Leveling Up AppSec: Overcome Vulnerability Management Challenges in Game Development

Setting up a Database for MCP Server Analysis

May 10, 2025 By Snyk In Snyk

Setting up a Database for MCP Server Analysis.

View Video

Snyk

Read more about Setting up a Database for MCP Server Analysis

Exploited! SysAid On-Prem XML External Entity Vulnerability (CVE-2025-2775)

May 8, 2025 By Amit Sheps In IONIX

SysAid has patched a critical XML External Entity (XXE) flaw that lets unauthenticated attackers turn a routine /mdm check-in request into full administrator compromise—and, when chained with a newly disclosed command-injection bug, into remote code execution (RCE). The vulnerability, tracked as CVE-2025-2775, affects all SysAid On-Prem deployments up to 23.3.40 and is now fixed in 24.4.60.

Read Post