%term

Stating the Obvious: Vulns On the Rise in 2025

Jan 28, 2025 By Ben Edwards In BitSight

Happy New Year! As we usher in a year with some pleasant mathematical properties, I wanted to take a brief look back at one of the stories that was most interesting to me as a security data nerd from last year: our dependency on the National Institute of Standards and Technologies’s (NIST) National Vulnerability Database(NVD), and what the degradation in service has meant to the flow of information about new CVEs. TL:DR.

Read Post

BitSight

Read more about Stating the Obvious: Vulns On the Rise in 2025

AI-Powered Attacks Surge: 1,025% Jump in Vulnerabilities, 99% are API related

Jan 28, 2025 By SecuritySenses In SecuritySenses

Wallarm's 2025 API ThreatStats Report offers a sweeping look at how AI deployments drive a surge in security risks. In 2024, Wallarm researchers discovered 439 AI-related CVEs-up an astonishing 1,025% from the prior year. Nearly all these flaws, 99%, point back to insecure or mismanaged APIs.

Read Post

SecuritySenses

Read more about AI-Powered Attacks Surge: 1,025% Jump in Vulnerabilities, 99% are API related

How to Build a Production Ready npm Package (PART 2)

Jan 27, 2025 By Snyk In Snyk

Need help building your production ready npm package? Look no further! We go through a step by step guide showing you how to build, test and publish your npm package. If you haven't watched Part 1 yet, go watch that first, and then come back to Part 2!

View Video

Snyk

Read more about How to Build a Production Ready npm Package (PART 2)

The BEST way to check your npm package contents

Jan 25, 2025 By Snyk In Snyk

Watch the full video linked below for more...

View Video

Snyk

Read more about The BEST way to check your npm package contents

Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access

Jan 24, 2025 By Andres Ramos In Arctic Wolf

On January 22, 2025, Arctic Wolf began observing a campaign involving unauthorized access to devices running SimpleHelp RMM software as an initial access vector. Roughly a week prior to the emergence of this campaign, several vulnerabilities had been publicly disclosed in SimpleHelp by Horizon3 (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728).

Read Post

Arctic Wolf

Read more about Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access

Use a scope name when building an npm package

Jan 23, 2025 By Snyk In Snyk

Watch the full video linked below for more...

View Video

Snyk

Read more about Use a scope name when building an npm package

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Jan 23, 2025 By Julian Tuin In Arctic Wolf

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

Read Post

Arctic Wolf

Read more about CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Jan 23, 2025 By Ben Desjardins In Snyk

It’s been over a decade since DevSecOps was introduced as a transformative approach to software development, but adoption remains uneven. Despite its promise of seamless integration between development, security, and operations, only 38% of organizations report fully automating the addition of new projects, branches, or repositories into their security testing queues.

Read Post

Snyk

Read more about Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Taking a Threat Adapted Approach to Vulnerability Management

Jan 22, 2025 By Chris Jacob, VP and Will Baxter, Security Engineer In ThreatQuotient

As cyber threats continue to grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week (9-13th of December 2024) which aimed to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem, we held a session that explored how integrating Threat Intelligence into Vulnerability Management can transform the way organisations prioritise and respond to risks.

Read Post