%term

Alleged Cl0p Extortion Emails Linked to July 2025 Oracle E-Business Suite Vulnerabilities

Oct 3, 2025 By Andres Ramos In Arctic Wolf

On October 2, 2025, Oracle announced that some Oracle E-Business Suite (EBS) customers had received extortion emails. Oracle’s investigation revealed the potential use of vulnerabilities previously addressed in the July 2025 Critical Patch Update. The following nine vulnerabilities in EBS products were addressed in the July update. These vulnerabilities range from medium to high severity, with three potentially exploitable by remote, unauthenticated threat actors.

Read Post

Arctic Wolf

Read more about Alleged Cl0p Extortion Emails Linked to July 2025 Oracle E-Business Suite Vulnerabilities

Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?

Oct 3, 2025 By Trustwave In Trustwave

A vulnerability on a popular source-code editor has been recently released along with a proof-of-concept (POC) exploit, but the security community isn’t so sure that it’s a legitimate flaw. In this article, we look at CVE-2025-56383, discuss what developers are saying in the wild, and provide our experts’ take on the issue.

Read Post

Trustwave

Read more about Notepad++ DLL Hijacking (CVE-2025-56383): CVSS 8.4 or CVSS 0.0?

CTEM Solutions Explained How to Build a Stack

Oct 2, 2025 By SecuritySenses In SecuritySenses

Vulnerability numbers are spiraling. Compliance checklists and point scans cannot keep pace. Continuous Threat Exposure Management (CTEM) provides security leaders with a practical approach to identify and mitigate real attack paths in real-time. This article explains what CTEM is, the solutions that enable it, and how to build a stack that actually shrinks exposure instead of counting it. CTEM solves the eternal problem of vulnerability management (too many vulnerabilities to ever fix) with a continuous program to find, validate, and reduce exposures before adversaries can use them.

Read Post

SecuritySenses

Read more about CTEM Solutions Explained How to Build a Stack

Web Application Firewalls (WAFs): A false sense of security?

Oct 1, 2025 By Love Andrén In Outpost 24

Web application firewalls (WAF) is a protection mechanism to help block potential malicious requests before they can reach the application itself. Often this is implemented as a proxy, intercepting HTTP requests, analyzing them, and finally deciding on an action. While effective, over relying on it could lead to a false sense of security that allows attackers to exploit unresolved internal issues.

Read Post

Outpost 24

Read more about Web Application Firewalls (WAFs): A false sense of security?

API Attack Awareness: Broken Object Level Authorization (BOLA) - Why It Tops the OWASP API Top 10

Oct 1, 2025 By Wallarm In Wallarm

For this Cybersecurity Awareness Month, we thought it important to draw attention to some of the most common and dangerous API vulnerabilities. This week, we’re starting with Broken Object Level Authorization (BOLA). BOLA vulnerabilities top the OWASP API Top Ten. And for good reason: they’re startlingly prevalent, remarkably easy to exploit, and can have devastating consequences. So, let’s explore what they are, why they matter, and how you can mitigate them.

Read Post

Wallarm

Read more about API Attack Awareness: Broken Object Level Authorization (BOLA) - Why It Tops the OWASP API Top 10

When Attackers Weaponize AI Webinar - The Energy Grid Attack Path

Sep 30, 2025 By Nucleus Security In Nucleus

As AI use grows, so does its dependency on the energy grid remaining up and running. This makes the energy grid a more likely target for future attacks.

View Video

Nucleus

Read more about When Attackers Weaponize AI Webinar - The Energy Grid Attack Path

How to Detect and Mitigate Zero-Day Vulnerabilities

Sep 30, 2025 By Daniel Ghillione In LevelBlue

Companies face more sophisticated, unpredictable cyber threats. Zero Day vulnerabilities are among the greatest risks, as these software flaws are unknown and exploited before a fix is available, potentially compromising thousands of organizations. Stopping zero-day attacks is a top priority for security teams, requiring faster identification, detection, and mitigation to prevent damage. But how do these attacks work, and what practices really help?

Read Post

LevelBlue

Read more about How to Detect and Mitigate Zero-Day Vulnerabilities

Understanding the OWASP AI Maturity Assessment

Sep 29, 2025 By Josh Breaker-Rolfe In Tripwire

Today, almost all organizations use AI in some way. But while it creates invaluable opportunities for innovation and efficiency, it also carries serious risks. Mitigating these risks and ensuring responsible AI adoption relies on mature AI models, guided by governance frameworks. The OWASP AI Maturity Assessment Model (AIMA) is one of the most practical. In this article, we’ll explore what it is, how it compares to other frameworks, and how organizations can use it to assess their AI maturity.

Read Post

Tripwire

Read more about Understanding the OWASP AI Maturity Assessment

The Value of a Robust Vulnerability Management Program

Sep 29, 2025 By Jeff Darrington In Graylog

Back before live security video feeds in homes, people would walk around at night checking to make sure they locked every window and door. They took these precautions because they knew that a single open lock gave burglars an opportunity to steal from them. For organizations, vulnerability management programs are a way to lock the doors against cybercriminals.

Read Post

Graylog

Read more about The Value of a Robust Vulnerability Management Program

Critical Vulnerability Alert: CVE-2025-10035 in GoAnywhere MFT

Sep 29, 2025 By Emma Stevens In BitSight

A critical security vulnerability (CVE-2025-10035) has been identified in GoAnywhere MFT, a widely used file transfer solution developed by Fortra. This software is commonly deployed to securely transfer sensitive data such as financial records, HR files, legal documents, and personally identifiable information (PII). Currently, CVE-2025-10035 is rated at a 10.0 (critical) on the CVSS scale and a 9.23 out of 10 on Bitsight’s Dynamic Vulnerability Exploit (DVE) scale.

Read Post