Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Vulnerability Scanning and How It Works in Cyber Security?
Vulnerability scanning refers to the process of evaluating applications, APIs they consume, systems, networks, and cloud environments to identify and pinpoint vulnerabilities within your organization’s digital infrastructure. It involves using automated tools trained to scan for known CVEs, misconfigurations, and potential attack vectors. Vulnerability scanning today is more than just ticking checkboxes.
Credential Coercion Vulnerabilities in Ivanti Endpoint Manager
Multiple vulnerabilities have been discovered in Ivanti Endpoint Manager, affecting various file hashing functions. These vulnerabilities—CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159—allow credential coercion, which can lead to path traversal and potentially enable remote code execution (RCE).
SquareX Unveils Polymorphic Extensions that Morph Infostealers into Any Browser Extension - Password Managers, Wallets at Risk
With recent attack disclosures like Browser Syncjacking and extension infostealers, browser extensions have become a primary security concern at many organizations. SquareX's research team discovers a new class of malicious extensions that can impersonate any extension installed on the victim's browser, including password managers and crypto wallets.
What's Coming in Exposure Management and Remediation in 2025
In December 2024, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI) and International Partners published a guide for “protecting communications infrastructure” in response to the discovery that a stealthy Chinese government threat actor, Salt Typhoon, had infiltrated a number of US telecommunications firms.
Security Bulletin: Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion
On March 4, 2025, Broadcom, which acquired VMware in 2023, released security updates to fix three actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion that could result in code execution and information disclosure. CVE-2025-22224 is a critical TOCTOU (Time-of-Check Time-of-Use) race condition vulnerability that leads to an out-of-bounds write, allowing an attacker with administrative privileges on a virtual machine to execute code as the VMX process on the host.
Seal Security Joins Snyk Technology Alliance Partner Program
Seal Security Joins Snyk’s Technology Alliance Partner Program Seal Security is excited to announce that it has joined Snyk’s Technology Alliance Partner Program and is now listed in the Snyk Partner Solutions Directory. Together, Seal Security and Snyk provide a seamless integration and product experience for Snyk customers looking to streamline their open source vulnerability patching efforts.
Learn about API security risks with the new Snyk Learn Learning Path
Snyk Learn, our developer security education platform, now includes lessons on API security! Check out the new learning path that covers the OWASP Top 10 for API security risks. APIs power the modern web, connecting applications and services in ways that drive innovation and efficiency. However, with this interconnectivity comes significant security risks.