If CVE Fails, We Can Finally Start Focusing on the Fixes Rather Than the Vulnerabilities

The recent financial crisis surrounding MITRE and the CVE program has sent shockwaves through the cybersecurity industry. For decades, CVEs have been the de facto index of software vulnerabilities. They’ve structured how we communicate, prioritize, and track issues across the ecosystem. But now, with their future uncertain, we’re forced to ask: what if the CVE system collapses? And more importantly—what should come next?

Why Do You Need an Automated VAPT Tool? (5 Alarming Signs)

Imagine waking up to news that your company’s data has been leaked, your customers' trust is shattered, and your brand’s reputation is in tatters. Cybercriminals don’t wait for you to react—they exploit vulnerabilities the moment they find them. You're already playing a dangerous game if your security measures are outdated or reactive.

Golden Image Configuration with Falcon Exposure Management

When configuration drift creeps in, it can lead to inconsistent environments, audit delays, and security gaps. With Golden Image in Falcon Exposure Management, teams can quickly establish a secure baseline and replicate it across the organization. This demo walks through how to set up a policy, assign a rule group, and use a template image to automatically pre-configure benchmark settings. You’ll see how easy it is to detect misconfigurations, fine-tune rules to match your standards, and stay ahead of compliance requirements.

Powering Down Vulnerability: Securing the Energy Sector's Supply Chain

The energy sector stands as a critical pillar of our society. From the electricity powering our homes to the fuel driving our industries, reliable energy is essential. However, the very interconnectedness that makes the energy sector so vital also exposes it to significant vulnerabilities, particularly within its supply chain.

The Interconnected Web of Energy

The energy sector is a complex web of systems, stretching far beyond power plants and wind farms.

Credential Access Campaign Targeting SonicWall SMA Devices Potentially Linked to Exploitation of CVE-2021-20035

On April 15, 2025, SonicWall published a product notice regarding CVE-2021-20035, a vulnerability impacting SonicWall SMA 100 series appliances. In an updated security advisory for the vulnerability, SonicWall indicated on April 15, 2025 that the vulnerability was being exploited in the wild. The vulnerability was added to CISA’s known exploited vulnerabilities (KEV) catalog the following day.

Security Bulletin: Critical Apache Roller Vulnerability Enables Unauthorized Session Persistence

CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.

SquareX to Uncover Data Splicing Attacks at BSides San Francisco, A Major DLP Flaw that Compromises Data Security of Millions

SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled "Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out", the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by exploiting architectural vulnerabilities in the browser.

Snyk's Statement on the MITRE CVEs Program Funding Update

Over the past several days, the cybersecurity community has watched closely as uncertainty swirled around the future of the MITRE-run CVE (Common Vulnerabilities and Exposures) program following a letter to its board of directors that its federal funding could abruptly end. As of this blog posting, news outlets like Reuters are reporting that a last-minute extension has been granted, providing temporary relief.