vulnerability management

From Dark Reading – Experts Optimistic about Secure by Design Progress

Secure by Design is an important step to reduce the number of vulnerabilities present originally, but is it progressing fast enough? Security experts Chris Wysopal and Jason Healey say things…

shaikh Saqib April 8, 2025

News

From Cyber Security News – CISA Warns of Cisco Smart Licensing Utility Credential Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Cisco vulnerability to its Known Exploited Vulnerabilities (KEV) catalog following confirmation of active exploitation in the wild. The flaw,…

shaikh Saqib April 1, 2025

News

From Security Week – Zero to Hero – A “Measured” Approach to Building a World-Class Offensive Security Program

[[{"value":"A strong security program will sometimes require substantial organizational and cultural changes around security practices, and inevitably, a higher cost. The post Zero to Hero – A “Measured” Approach to…

shaikh Saqib March 31, 2025

News

From The Hacker News – Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability

Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (

shaikh Saqib March 28, 2025

News

From Cyber Security News – CISA Warns of Google Chrome Zero-day Vulnerability Exploited in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent advisory regarding a critical zero-day vulnerability in Google Chrome that is actively being exploited in the wild. The vulnerability,…

shaikh Saqib March 28, 2025

News

From Dark Reading – Hoff’s Rule: People First

Dark Reading Confidential Episode 5: Christofer Hoff, chief secure technology officer at LastPass, shares the human side of the story of how he led his team through a major cyber…

shaikh Saqib March 28, 2025

News

From Cyber Security News – New Sophisticated Malware CoffeeLoader Bypasses Endpoint Security to Deploy Rhadamanthys Shellcode

Cybersecurity researchers have uncovered a sophisticated new malware strain targeting macOS systems, dubbed “CoffeeLoader,” which employs advanced techniques to bypass endpoint security solutions and deliver Rhadamanthys shellcode payloads. The malware…

shaikh Saqib March 27, 2025

News

From Dark Reading – Student-Powered SOCs Train Security’s Next Generation

University security operations centers that hire and train students are a boon to state and local governments while giving much-needed Tier 1 cybersecurity training to undergraduates. Read More

shaikh Saqib March 27, 2025

News

From The Hacker News – Hackers Repurpose RansomHub’s EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET. The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in

shaikh Saqib March 27, 2025

News

From The Hacker News – New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an

shaikh Saqib March 26, 2025

News

From Dark Reading – Why Cyber Quality Is the Key to Security

The time to secure foundations, empower teams, and make cyber resilience the standard is now — because the cost of waiting is far greater than the investment in proactive security. Read…

shaikh Saqib March 21, 2025

News

From Cyber Security News – Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit

Security researchers have confirmed that a critical remote code execution (RCE) vulnerability in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The vulnerability, which enables attackers…

shaikh Saqib March 18, 2025

News

From Dark Reading – Volt Typhoon Strikes Massachusetts Power Utility

The prolonged attack, which lasted 300+ days, is the first known compromise of the US electric grid by the Voltzite subgroup of the Chinese APT; during it, the APT attempted…

shaikh Saqib March 12, 2025

News

From Dark Reading – Whopping Number of Microsoft Zero-Days Under Attack

The number of zero-day vulnerabilities getting patched in Microsoft's March update is the company's second-largest ever. Read More

shaikh Saqib March 12, 2025

Vulnerabilities

From Cybersecurity Help – Cyber Security Week in Review: March 07, 2025

In brief: Russian crypto exchange Garantex seized by police, the US charges Chinese hackers, major Western chatbots are spreading Russian propaganda, and more. Read More

shaikh Saqib March 7, 2025