Experimental News Clipping Site

Tag: vulnerability management practice

  • The Register: ‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/26/an_apts_playground_goanywhere_perfect10/ Source: The Register Title: ‘An attacker’s playground:’ Crims exploit GoAnywhere perfect-10 bug Feedly Summary: Researchers say tens of thousands of instances remain publicly reachable Security researchers have confirmed that threat actors have exploited the maximum-severity vulnerability affecting Fortra’s GoAnywhere managed file transfer (MFT), and chastised the vendor for a lack of transparency.……

  • The Register: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/09/03/hexstrike_ai_citrix_exploits/ Source: The Register Title: Crims claim HexStrike AI penetration tool makes quick work of Citrix bugs Feedly Summary: LLMs and 0-days – what could possibly go wrong? Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check…

  • The Register: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/07/24/no_login_no_problem_cisco_flaw/ Source: The Register Title: No login? No problem: Cisco ISE flaw gave root access before fix arrived, say researchers Feedly Summary: Shadowserver claims miscreants were already poking at a critical hole in early July, long before Switchzilla patched it Threat actors have actively exploited a newly patched vulnerability in Cisco’s Identity Services…

  • Cisco Talos Blog: Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/bloomberg-comdb2-null-pointer-dereference-and-denial-of-service-vulnerabilities/ Source: Cisco Talos Blog Title: Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2.  Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. The implementation of the…

  • Infosecurity Magazine: European Vulnerability Database Launches Amid US CVE Chaos

    by

    Kurt Seifried
    in

    Source URL: https://www.infosecurity-magazine.com/news/european-vulnerability-database-us/ Source: Infosecurity Magazine Title: European Vulnerability Database Launches Amid US CVE Chaos Feedly Summary: European Vulnerability Database Launches Amid US CVE Chaos AI Summary and Description: Yes Summary: The European Union’s cybersecurity agency, ENISA, has officially launched a new vulnerability database initiative named the European Vulnerability Database (EUVD). This centralized hub is…

  • Anchore: The NVD Enrichment Crisis: One Year Later—How Anchore is Filling the Vulnerability Data Gap

    by

    Kurt Seifried
    in

    Source URL: https://anchore.com/blog/nvd-crisis-one-year-later/ Source: Anchore Title: The NVD Enrichment Crisis: One Year Later—How Anchore is Filling the Vulnerability Data Gap Feedly Summary: About one year ago, Anchore’s own Josh Bressers broke the story that NVD (National Vulnerability Database) was not keeping up with its vulnerability enrichment. This week, we sat down with Josh to see…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24813 Apache Tomcat Path Equivalence Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/31/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…