This Security Package Looks Useful... But Should You Trust It?
This Security Package Looks Useful… But Should You Trust It?
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Thousands of WordPress Sites at Risk After Gravity Forms Breach
A critical vulnerability in the popular Gravity Forms WordPress plugin has led to widespread malware injections across thousands of sites. The flaw is being actively exploited by threat actors, some of whom are inserting backdoors and malicious JavaScript into WordPress sites to carry out data theft, SEO poisoning, and client-side attacks.
SquareX Collaborates with Top Fortune 500 CISOs to Launch The Browser Security Field Manual at Black Hat
SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune 500 enterprises and other iconic companies, who share their perspectives on the evolving browser security landscape, the importance of each threat vector, and how they expect these attacks to evolve in the near future. Major contributors include.
Best Practices for Aggregating and Normalizing Exposure Data
In our first article exploring vulnerability management vs. exposure management, we explored the growing recognition that exposure management is not just a rebranding of vulnerability management. Rather, it’s a strategic evolution. Where traditional vulnerability management often focuses narrowly on CVEs and technical severity, exposure management demands a broader, more integrated understanding of risk across assets, environments, and attack vectors.
Cursor Agents Code Remotely (and while you sleep...)
Cursor Agents Code Remotely (and while you sleep...)
Critical Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC
On June 25, 2025, Cisco disclosed two critical vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 and CVE-2025-20282, these flaws enable unauthenticated remote attackers to execute arbitrary commands as the root user via exposed HTTPS APIs. CVE-2025-20281 arises from insufficient validation of user-supplied input in a public API, allowing crafted requests to trigger remote code execution.
CompassDRP Social Media integration: Six real-world use cases
Social media can work both for and against an organization, so it’s worth treating these sites as extensions of your attack surface. CompassDRP’s Social Media integration continuously monitors both corporate and employee profiles across platforms such as Twitter, LinkedIn, and Facebook. It automatically flags unauthorized or impersonating accounts that mimic executive identities or misuse company branding, helping to thwart phishing and fraud campaigns before they gain traction.
Vulnerability Impact Translation with Falcon Exposure Management
This demo shows how Charlotte AI transforms raw vulnerability data from Falcon Exposure Management into a CISO-ready report. By pulling enriched insights from Next-Gen SIEM—like ExPRT.AI scores and asset criticality—the workflow translates technical signals into business risk. The result: a clear, automated email that highlights key trends, impacted systems, and actionable remediation paths. CrowdStrike Exposure Management.
Addressing Recent Vulnerabilities and Our Commitment to Security
At CyberArk, the trust and security of our customers are at the heart of everything we do. Today, July 15th, we are addressing the publication of several Common Vulnerabilities and Exposures (CVEs) related to CyberArk Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur Open Source (OSS). We regret the challenges this situation may pose to our customers and reaffirm our commitment to supporting them through the resolution process.
What Over 2 Million Assets Reveal About Industry Vulnerability
Today we’re releasing findings from a statistical sample of over 2 million internet-exposed assets, across on-prem, cloud, APIs, and web apps, discovered and analyzed by the CyCognito platform.