Artificial Intelligence | Google DeepMind Unveils Framework to Exploit AI’s Cyber Weaknesses | DeepMind found that current AI frameworks are ad hoc, not systematic, and fail to provide defenders with useful insights. | Kevin Townsend, April 2, 2025
Cloud Security | IngressNightmare Flaws Expose Kubernetes Clusters to Remote Hacking | Critical remote code execution vulnerabilities found by Wiz researchers in Ingress NGINX Controller for Kubernetes. | Eduard Kovacs, March 25, 2025
Government | NIST Still Struggling to Clear Vulnerability Submissions Backlog in NVD | The effects of the backlog are already being felt in vulnerability management circles where NVD data promises an enriched source of truth. | Ryan Naraine, March 24, 2025
Vulnerabilities | Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution | Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. | Matias Madou, March 13, 2025
Vulnerabilities | OpenSSH Patches Vulnerabilities Allowing MitM, DoS Attacks | The latest OpenSSH update patches two vulnerabilities, including one that enabled MitM attacks with no user interaction. | Ionut Arghire, February 19, 2025
Vulnerabilities | Chrome 132 Patches 16 Vulnerabilities | Google has released Chrome 132 with fixes for 16 vulnerabilities, including multiple high-severity security defects. | Ionut Arghire, January 15, 2025
Vulnerabilities | Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities | Nvidia, Zoom, and Zyxel have released patches for multiple high-severity vulnerabilities across their products. | Ionut Arghire, January 15, 2025
Malware & Threats | Snyk Says ‘Malicious’ NPM Packages Part of Research Project | Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project. | Eduard Kovacs, January 14, 2025
Malware & Threats | Ivanti Warns of New Zero-Day Attacks Hitting Connect Secure Product | Ivanti confirms zero-day exploitation of a remotely exploitable code execution flaw in its Connect Security product line. | Ryan Naraine, January 8, 2025
ICS/OT | Cisco Says Flaws in Industrial Routers, BGP Tool Remain Unpatched 8 Months After Disclosure | Cisco Talos has disclosed the details of apparently unpatched vulnerabilities in MC Technologies industrial routers and the GoCast BGP tool. | Eduard Kovacs, December 10, 2024
Vulnerabilities | Cisco Patches Critical Vulnerability in Data Center Management Product | A critical-severity vulnerability in Cisco NDFC could allow attackers to execute commands with elevated privileges. | Ionut Arghire, October 3, 2024
Vulnerabilities | Cisco Patches High-Severity Vulnerabilities in Network Operating System | Cisco has announced security updates that patch eight vulnerabilities in IOS XR software, including six high-severity bugs. | Ionut Arghire, September 12, 2024