Sunday, May 3, 2026
Articles by Topic:
Vulnerability Management (VM)
Allianz Life Breach Exposes PII of 1.4 Million Customers in Social Engineering Attack
August 05, 2025
Allianz Life Insurance has experienced a catastrophic data breach affecting the personally identifiable information (PII) of 1.4 million customers, professionals, and employees of the company. The breach occurred via a social engineering attack that compromised…
Patch, Persist, Repeat: How ToolShell Is Bypassing SharePoint Defenses
July 22, 2025
A new zero-day exploit campaign is actively targeting Microsoft SharePoint Server, raising urgent concerns for enterprises running on-prem environments. Dubbed “ToolShell” by researchers at Ontinue, the attack chain enables unauthenticated remote code execution and has…
CISA Flags Four Actively Exploited Vulnerabilities—Some Nearly a Decade Old
July 15, 2025
On July 7, the Cybersecurity and Infrastructure Security Agency (CISA) added four new entries to its Known Exploited Vulnerabilities (KEV) catalog. What stands out about the vulnerabilities isn’t the number, it’s the age. The oldest…
Critical Vulnerabilities in Brother Devices Expose Millions to Remote Attacks
July 06, 2025
Security researchers at Rapid7 have disclosed eight newly discovered vulnerabilities affecting more than 689 models of Brother devices, including printers, scanners, and label makers. While these kinds of vulnerabilities rarely grab headlines, the scope of…
Popular Chrome Extensions Expose Users to Cyber Threats
June 30, 2025
It is tempting to believe that widely used browser extensions are required to follow strict security practices to protect users of popular browsers like Google Chrome, but this is not always the case. The ecosystem…
Salesforce Industry Cloud Vulnerabilities Highlight Hidden Dangers of Low-Code Platforms
June 24, 2025
Low-code platforms like Salesforce’s Industry Cloud promise to speed up digital transformation by making it easier for organizations to build and deploy apps. With tools like OmniStudio, employees can quickly create workflows and interfaces tailored…
New Vulnerabilities in Linux Core Dump Handlers Expose Password Hashes
June 23, 2025
Security researchers at Qualys have discovered two new vulnerabilities in popular Linux core dump handlers that could let local attackers extract sensitive data—including password hashes—from crashed programs. The flaws, tracked as CVE-2025-5054 and CVE-2025-4598, affect…
EUVD Aims to Strengthen Cyber Resilience Through Interconnected Intelligence
May 28, 2025
Over time, and especially in recent years, IT environments and attack vectors have grown more and more complex, making it difficult for organizations to defend against rising threats. Multi-cloud environments, remote and hybrid working arrangements,…
Critical Flaw in Commvault Exposes Command Center to Remote Code Execution
May 20, 2025
Data protection and data management software company Commvault is an industry leader in cloud data protection, providing cyber resilience solutions to thousands of organizations. Recently, a critical vulnerability was discovered in the Commvault Command Center,…
Zero-Day Suspected in SAP NetWeaver Attacks
May 13, 2025
A newly uncovered attack is targeting SAP NetWeaver systems. According to researchers at ReliaQuest, threat actors are exploiting what appears to be a previously unknown vulnerability to quietly drop lightweight JSP web shells onto fully…
When the Weakest Link Breaks: The Cleo Vulnerability Behind the Hertz Data Breach
May 09, 2025
Modern organizations are presented with an array of risks from all angles, including through partners, contractors, and other third parties. Interconnected and integrated technologies and supply chains open up many avenues for attackers to compromise…
What Microsoft’s 2024 Vulnerability Data Reveals About Cybersecurity Priorities
May 07, 2025
Findings from BeyondTrust’s recently released 12th annual Microsoft Vulnerabilities Report reveal a complex and evolving threat landscape. As evidence, consider that in 2024, Microsoft reported the highest number of vulnerabilities it has ever had (1,360).…
Unpatched Erlang SSH Vulnerability Opens Door to Full System Takeover
May 02, 2025
Erlang/OTP plays a major role in telecom and distributed systems, enabling easy creation of concurrent, fault-tolerant, and robust systems. Erlang/OTP SSH is the most popular protocol for remote access management, and its compromise represents a…
NIST Pauses Enrichment for Pre-2018 CVEs: A Strategic Reset or a Risky Omission?
April 18, 2025
In a pivotal shift that could reshape how cybersecurity teams prioritize vulnerabilities, the National Institute of Standards and Technology (NIST) has announced it will deprioritize enrichment of all Common Vulnerabilities and Exposures (CVEs) published before…
How Volt Typhoon Infiltrated a Small US Power Grid
March 25, 2025
The threat group Volt Typhoon (also known as VOLTZITE) has been known to be active since 2021, representing an advanced persistent threat (APT) primarily to organizations in the United States. Alleged to be a Chinese…
Exploited Zero-Day Vulnerabilities in VMware Products
March 17, 2025
Global tech leader Broadcom published a critical security advisory on March 4th, 2025, regarding three new zero-day vulnerabilities in VMware ESXi, Workstation, Fusion, and other products. With varying levels of severity, the vulnerabilities can enable…
Salt Typhoon Exploits Seven-Year-Old Flaw to Breach Major U.S. Telecoms
March 13, 2025
In late 2024, it was confirmed that a cyber espionage campaign perpetrated by a highly sophisticated Chinese-based threat actor infiltrated at least eight major telecommunications companies. The attacks gained access to Call Detail Records used…
Critical rsync Vulnerabilities Exposed: Over 660,000 Systems at Risk
February 12, 2025
On January 14, Google Cloud and other independent security researchers announced the discovery of six vulnerabilities in rsync, a widely used file synchronization tool. The most severe, CVE-2024-12084, is a buffer overflow flaw in the…