vulnerability
Blog
Shifting left might improve software security, but developers are becoming overwhelmed – communication barriers, tool sprawl, and ‘vulnerability overload’ are causing serious headaches for development teams
Nearly half of enterprises are trying to “shift left” in a bid to shore up software security, but false positives, the faster pace of development thanks to AI, and challenges integrating tools are limiting success for developers. That’s according to research by AI security firm Pynt that focused on the adoption of shift left practices — referring to a strategy…
Google patches Chrome vulnerability used for account takeover and MFA bypass
“Unlike other browsers, Chrome resolves the Link header on subresource requests. But what’s the problem? The issue is that the Link header can set a referrer-policy. We can specify unsafe-url and capture the full query parameters,” he wrote. Link headers are used by websites to tell a browser about important page resources, for example, images, that it should preload. As…
The EU just launched its own vulnerability database
Cybersecurity experts have hailed the launch of the EU’s new vulnerability database as a positive step toward enhancing regional security. The new European Vulnerability Database (EUVD), unveiled by ENISA, will provide organizations with a centralized platform aimed at providing up-to-date information on security flaws, akin to MITRE’s CVE database. “The database provides aggregated, reliable, and actionable information such as…
MITRE’s near miss: Lessons learned for security and vulnerability management
In April, the MITRE Corporation’s Common Vulnerabilities and Exposures (CVE) database was handed a last-minute reprieve amid concerns over funding from the U.S. government. It had been a long and stressful day, with the security industry wondering whether MITRE’s database would be able to keep operating. This could have left many firms without a way to track security flaws and…
Businesses are taking their eye off the ball with vulnerability patching
Security leaders are overconfident in their organization’s security posture while allowing vulnerability patching to fall by the wayside, new research suggests. According to penetration testing firm Cobalt’s 2025 State of Pentesting Report, only 48% of exploitable vulnerabilities uncovered during penetration testing are fixed – although this increases to 69% for those that have a severity rating of high or…
Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel…
Apple Passwords App Vulnerability Exposed Users for Months
Apple’s Passwords app, designed to enhance security for iOS users, ironically left them vulnerable to phishing attacks for nearly three months. Security researchers recently revealed that the flaw exposed sensitive information, raising concerns about cybersecurity risks — even with trusted software. The vulnerability explained: researchers at Mysk identified the flaw, which stemmed from the app’s use of unencrypted HTTP connections…
Cisco IOS XR vulnerability lets attackers crash BGP on routers
Cisco has patched a denial of service (DoS) vulnerability that lets attackers crash the Border Gateway Protocol (BGP) process on IOS XR routers with a single BGP update message. IOS XR runs on the company’s carrier-grade Network Convergence System (NCS) and Carrier Routing System (CRS) series of routers, such as the ASR 9000, NCS 5500, and 8000 series. This high-severity flaw (tracked as CVE-2025-20115) was found…
Everything you need to know about the Microsoft Power Pages vulnerability
A severe Microsoft Power Pages vulnerability has been fixed after cyber criminals were found to have been exploiting unpatched systems in the wild. The company noted that it has remedied the high-severity flaw, which lay in how the SaaS platform handles access permissions and potentially left a backdoor for malicious actors. CVE-2025-24989 is described as an improper access vulnerability in…
Vulnerability management complexity is leaving enterprises at serious risk
Most organizations are failing to remediate critical vulnerabilities quickly enough, with nearly seven in ten saying it takes them more than 24 hours. According to new research from Swimlane, fragmented data from multiple scanners, siloed risk scoring, and poor cross-team collaboration mean organizations are increasingly exposed to breaches, compliance failures, and financial penalties. Michael Lyborg, CISO at Swimlane, said this confluence of…