%term

How to Move Beyond Spreadsheets When Managing Vulnerabilities | Seemplicity

May 20, 2025 By Seemplicity In Seemplicity

Still managing vulnerabilities with spreadsheets? In this short video, discover why traditional methods fall short and how automated Remediation Operations (RemOps) can help you move beyond manual tracking, endless update chasing, and version chaos. Learn how modern security teams: Whether you're dealing with a growing backlog or struggling to scale your vulnerability management, this video shows you a better, faster way forward.

View Video

Seemplicity

Read more about How to Move Beyond Spreadsheets When Managing Vulnerabilities | Seemplicity

How external attack surface analysis enhances pen testing

May 19, 2025 By Marcus White In Outpost 24

Despite advancements in security, web applications are still a problem. Attackers target web applications because they’re exposed, complex, and not as well protected as they should be. According to Verizon1, web applications are the most prevalent attack vector, with exploitations of vulnerabilities increasing by 180% in 2024.

Read Post

Outpost 24

Read more about How external attack surface analysis enhances pen testing

Exploited! Ivanti EPMM Authentication Bypass & Remote Code Execution (CVE-2025-4427 & CVE-2025-4428)

May 18, 2025 By Amit Sheps In IONIX

Ivanti’s Endpoint Manager Mobile (EPMM, formerly MobileIron Core) just delivered an unpleasant one-two punch to defenders. Two fresh vulnerabilities—an authentication bypass (CVE-2025-4427) and an API-level remote-code-execution flaw (CVE-2025-4428)—can be chained to grant unauthenticated attackers full command execution on affected servers. Both issues are already being exploited in the wild, making rapid remediation essential. In this article.

Read Post

IONIX

Read more about Exploited! Ivanti EPMM Authentication Bypass & Remote Code Execution (CVE-2025-4427 & CVE-2025-4428)

Vulnerability transparency: strengthening security through responsible disclosure

May 16, 2025 By Sri Pulla In Cloudflare

In an era where digital threats evolve faster than ever, cybersecurity isn't just a back-office concern — it's a critical business priority. At Cloudflare, we understand the responsibility that comes with operating in a connected world. As part of our ongoing commitment to security and transparency, Cloudflare is proud to have joined the United States Cybersecurity and Infrastructure Security Agency’s (CISA) “Secure by Design” pledge in May 2024.

Read Post

Cloudflare

Read more about Vulnerability transparency: strengthening security through responsible disclosure

Zero-Day Vulnerability Report April 2025

May 16, 2025 By Indusface In Indusface

FIn April 2025, AppTrana detected 1,103 zero-days — and blocked every single one. Explore the full report to see how complete coverage looks.

View Video

Indusface

Read more about Zero-Day Vulnerability Report April 2025

SAP Zero-Day CVE-2025-31324: Unauthenticated RCE in NetWeaver VCFRAMEWORK

May 15, 2025 By Deepak Kumar Choudhary In Indusface

SAP disclosed a critical RCE vulnerability(CVE-2025-31324) on April 24, 2025, impacting the Visual Composer Framework in NetWeaver Application Server Java, version 7.50. This flaw poses a serious risk to enterprises relying on SAP NetWeaver for their mission-critical operations. Unauthenticated attackers can exploit this vulnerability to upload and run arbitrary files on SAP servers, potentially resulting in complete system compromise.

Read Post

Indusface

Read more about SAP Zero-Day CVE-2025-31324: Unauthenticated RCE in NetWeaver VCFRAMEWORK

INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense

May 14, 2025 By INE Security

INE Security, a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders. With over 26,000 new CVEs documented in the past year, security teams are drowning in vulnerability alerts while facing exploit windows that have compressed to hours in many cases.

Read Post

Read more about INE Security Alert: Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense

OWASP Dependency Check: How Does It Work?

May 14, 2025 By Mend.io Communications In Mend

The Open Web Application Security Project (OWASP), is an online community that produces free, publicly available articles, methodologies, documentation, tools, and technologies in the field of web application security. Open source components have become an integral part of software development. According to Mend’s Risk Report, 96.8% of developers rely on open source components.

Read Post

Mend

Read more about OWASP Dependency Check: How Does It Work?

CVE-2025-32756: Exploitation of Critical Severity Zero-Day Vulnerability in Fortinet FortiVoice

May 13, 2025 By Julian Tuin In Arctic Wolf

On May 13, 2025, Fortinet published a security advisory on a critical severity stack-based overflow vulnerability, CVE-2025-32756, impacting FortiVoice, FortiCamera, FortiMail, FortiNDR, and FortiRecorder. The vulnerability allows remote unauthenticated threat actors to execute arbitrary code or commands via crafted HTTP requests. In the advisory Fortinet stated that the vulnerability has been exploited in the wild on FortiVoice.

Read Post

Arctic Wolf

Read more about CVE-2025-32756: Exploitation of Critical Severity Zero-Day Vulnerability in Fortinet FortiVoice

Bridging ASPM and Vulnerability Management for Scalable Application Security

May 13, 2025 By Nucleus Security In Nucleus

In this webinar, "Bridging ASPM and RBVM for Scalable AppSec," security leaders from Cycode and Nucleus explore how to unify application and infrastructure vulnerability management in complex, cloud-native environments.

View Video