%term

Human + AI: The Next Era of Snyk's Vulnerability Curation

Jul 14, 2025 By Tal Dromi In Snyk

Years ago, we published the blog post, “Why do organizations trust Snyk to win the open source security battle?” which laid out the methodology and practices for building the Snyk Vulnerability Database.

Read Post

Snyk

Read more about Human + AI: The Next Era of Snyk's Vulnerability Curation

PoC Available for High-Severity Arbitrary File Write in Git CLI (CVE-2025-48384)

Jul 14, 2025 By Andres Ramos In Arctic Wolf

Arctic Wolf Customer, Proof-of-concept exploit code is now available for a high-severity arbitrary file write vulnerability in Git, which poses a risk to developers who regularly work with third-party code. If Git is used in your environment, we recommend reviewing this security bulletin and taking immediate steps to mitigate the risk.

Read Post

Arctic Wolf

Read more about PoC Available for High-Severity Arbitrary File Write in Git CLI (CVE-2025-48384)

How to Check AI-Generated Code for Vulnerabilities

Jul 13, 2025 By Snyk In Snyk

How to Check AI-Generated Code for Vulnerabilities.

View Video

Snyk

Read more about How to Check AI-Generated Code for Vulnerabilities

Autonomous Vulnerability Remediation: Securing Web & API Apps Instantly

Jul 11, 2025 By Indusface In Indusface

One-third of critical and high vulnerabilities remain open for 180+ days from the time they are discovered. When it comes to business growth vs security, business always wins by prioritizing features over vulnerabilities. This gives hackers enough time to exploit the vulnerabilities, putting the organization at risk. However, most of these vulnerabilities can be virtually patched within a few hours using solutions like AppTrana's SwyftComply, with zero impact on business continuity.

View Video

Indusface

Read more about Autonomous Vulnerability Remediation: Securing Web & API Apps Instantly

Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

Jul 10, 2025 By Guillaume Valadon In GitGuardian

Laravel APP_KEY leaks enable RCE via deserialization attacks. Collaboration with Synacktiv scaled findings to 600 vulnerable applications using 260K exposed keys from GitHub. Analysis reveals 35% of exposures coincide with other critical secrets including database, cloud tokens, and API credentials.

Read Post

GitGuardian

Read more about Exploiting Public APP_KEY Leaks to Achieve RCE in Hundreds of Laravel Applications

CVE-2025-25257: Critical Unauthenticated SQL Injection Vulnerability in FortiWeb

Jul 10, 2025 By Andres Ramos In Arctic Wolf

On July 8, 2025, Fortinet released fixes for a critical vulnerability in FortiWeb that could allow an unauthenticated threat actor to execute SQL commands via crafted HTTP or HTTPS requests, tracked as CVE-2025-25257. The flaw lies in the Graphical User Interface (GUI) component and stems from improper neutralization of special elements used in SQL statements. The vulnerability was discovered by a security researcher and responsibly disclosed to Fortinet.

Read Post

Arctic Wolf

Read more about CVE-2025-25257: Critical Unauthenticated SQL Injection Vulnerability in FortiWeb

CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability Exploited in the Wild

Jul 10, 2025 By Julian Tuin In Arctic Wolf

On July 10, 2025, a technical article was published by Huntress revealing that a maximum severity remote code execution vulnerability in Wing FTP Server, CVE-2025-47812, had been actively exploited by threat actors as early as July 1, 2025. Details of the vulnerability had originally been published on June 30, 2025, providing a comprehensive breakdown of the flaw and how to exploit it.

Read Post

Arctic Wolf

Read more about CVE-2025-47812: Wing FTP Server Remote Code Execution Vulnerability Exploited in the Wild

Charlotte AI - Agentic Workflows: Vulnerability Impact Translation

Jul 9, 2025 By CrowdStrike In CrowdStrike

Vulnerabilities pile up fast, but which ones truly matter to your business? With Charlotte AI Agentic Workflows, CrowdStrike turns overwhelming technical data into business-ready intelligence so you can prioritize what really counts. By pulling real-time vulnerability insights from Falcon Exposure Management, Charlotte AI evaluates what systems are at risk, how many users could be impacted, and what services or revenue streams are on the line. In this demo, you’ll see how AI-driven reasoning translates CVEs and severity scores into clear business impact, no manual analysis required.

View Video

CrowdStrike

Read more about Charlotte AI - Agentic Workflows: Vulnerability Impact Translation

Bug bounty programs: Can you rely on them 100%?

Jul 8, 2025 By Marcus White In Outpost 24

It’s tempting to view bug bounty programs as a cheat code – an enticing shortcut to uncover vulnerabilities by tapping into the creativity of the global security community. Is there really any to invest in your own testing for vulnerabilities? But while these programs can surface critical flaws that traditional testing might miss, they’re inherently reactive and can be limited in scope.

Read Post

Outpost 24

Read more about Bug bounty programs: Can you rely on them 100%?

CVE-2016-10033: Detection and Response Guide for 2025

Jul 8, 2025 By Edward Kost In UpGuard

Almost a decade after its discovery, the critical remote code execution vulnerability known as CVE-2016-10033 continues to pose a significant threat to web applications worldwide. In this post, we explain why it's so dangerous and the essential steps to protect your systems from this critical exposure in 2025.

Read Post