Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Security teams drowning in alerts, executives demanding business justification for security investments, and an attack surface that grows daily – sound familiar? While traditional vulnerability scanners excel at finding problems, they fall short when it comes to the critical question: which risks actually matter to your business? This is where cyber risk quantification and cyber risk scoring come in, transforming how organizations understand and respond to threats.

CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384. In the observed activity, threat actors combined sophisticated social engineering tactics with malicious Git repository cloning operations. This targeted attack chain poses a substantial risk to organizations running unpatched Git installations.

Company overview: Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. Champion / Spokesperson: Neil Tonkin, CTO Mercato Solutions is one of EMEAs fastest growing and most innovative low-code enterprise application providers. The company helps their global clients transform their business processes with bespoke and branded software platforms, applications, and cloud environments that help work flow more efficiently and effectively.

AI was supposed to make our lives easier. Vendors promised it would cut through complexity, detect threats faster, and lighten the load on already overworked security teams. But if you’ve been paying attention, you know the truth: AI has given us more noise than ever. Corey Brunkow from Horizon3.ai joined Nucleus co-founder and CPO, Scott Kuffer, to unpack this problem during a recent webinar. AI helps attackers move faster, but on the defensive side, it’s created a flood of data.

In late 2025, a critical pre-authentication remote-code-execution vulnerability (tracked as CVE-2025-61882) in Oracle E-Business Suite (EBS)— specifically the Concurrent Processing / BI-Publisher integration — was exploited in a large-scale extortion/data-theft campaign attributed to the Cl0p/Clop extortion cluster. Attackers abused the flaw to run attacker-controlled XSLT/Java payloads, gain remote code execution on EBS application servers, and exfiltrate sensitive data for extortion.

Are you confident that you’re scanning for security vulnerabilities on all your software running in production? If this question makes you uncomfortable don’t worry. First, you’re not alone. Second – keep reading. Almost all security teams today face a massive challenge: they’re drowning in data but lack direction.

Code scanning is the process of automatically analyzing source code to identify potential security vulnerabilities, bugs, and other code quality issues. It’s a crucial part of secure application development, helping teams detect and fix problems early in the software development lifecycle. Code scanning tools mainly use static analysis methods (examining code without running it), in contrast to dynamic analysis tools which analyze applications while they are running.

XWorm malware reemerges with ransomware, Microsoft disrupts multiple threats targeting Teams, and Storm-1175 exploits a critical GoAnywhere MFT vulnerability.