Zero-Day Vulnerabilities in September 2025
In September 2025, AppTrana detected 789 zero-days and blocked every single one. Explore the full report to see how complete coverage looks.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Risk-Based Vulnerability Management is the Engine Behind Modern CTEM Programs
Traditional vulnerability management once centered on scanning, enumerating, and remediating … and then repeating the process. In contrast, today’s enterprise attack surfaces shift by the hour. Cloud assets spin up and down. Business units deploy new SaaS tools overnight. Adversaries weaponize proof-of-concept exploits in days, or sometimes hours. Static, reactive processes can’t keep up.
Webinar: SafeBreach Validate + Propagate = Better Together
Webinar: SafeBreach Validate + Propagate = Better Together Discover how combining SafeBreach Validate and Propagate empowers security teams to continuously assess and strengthen their defenses. In this session, our experts will show how integrated breach and attack simulation (BAS) with automated attack path validation can help you.
CVE-2025-61882: Oracle E-Business Suite Under Mass Exploitation by Cl0p Ransomware
A critical CVE-2025-61882 Oracle E-Business Suite vulnerability is under active exploitation by the Cl0p ransomware group. This unauthenticated remote-code-execution (RCE) vulnerability — CVE-2025-61882 — in Oracle E-Business Suite (EBS) was patched by Oracle in October 2025 and is being actively exploited in the wild. Multiple security vendors attribute attacks to Cl0p/associated ransomware extortion campaigns and Oracle has published an emergency Security Alert.
Cl0p Exploits Critical Oracle E-Business Suite Zero-Day (CVE-2025-61882)
In October 2025, a critical zero-day vulnerability was disclosed in Oracle E-Business Suite (EBS), tracked as CVE202561882, which allows unauthenticated remote code execution (RCE). This vulneraility affects versions 12.2.3 through 12.2.14 and has already been actively exploited in the wild by the Cl0p ransomware group and potentially other threat actors.
SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution
As AI Browsers rapidly gain adoption across enterprises, SquareX has released critical security research exposing major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltrate sensitive data, distribute malware and gain unauthorized access to enterprise SaaS apps. The timing of this disclosure is particularly significant as major companies including OpenAI, Microsoft, Google and The Browser Company have announced or released their own AI browsers. With Chrome and Edge alone representing 70% of the browser market share, it is very likely that the majority of consumer browsers in the future will be AI Browsers.
Seemplicity Names Ron Gilboa as CFO to Accelerate Growth Strategy
Proven financial leader with repeat success scaling high-growth tech firms joins after $50M Series B.
Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability
Threat researchers recently disclosed a severe vulnerability in a Figma Model Context Protocol (MCP) server, as reported by The Hacker News. While the specific patch is important, the discovery itself serves as a critical wake-up call for every organization rushing to adopt AI. This incident provides a blueprint for a new class of attacks that target the very infrastructure powering the AI Agent Economy. To understand the risk, we must first look at the mechanics of this emerging threat.
CVE-2024-36401 - GeoServer - tailoring a public PoC to enable at-scale high-confidence detection
At Bitsight, one of the responsibilities of the Vulnerability Research team is to develop fingerprinting methods to not only identify exposed services, but also vulnerabilities in those services. When it comes to detecting vulnerabilities, there are increased challenges depending on the complexity of both the vulnerability and the vulnerable service.