2025 Data Breach Investigations Report: Third-party breaches double
The exploitation of vulnerabilities has seen another year of growth as an initial access vector for breaches, reaching 20%, according to Verizon’s 2025 Data Breach …
Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824)
April 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 120+ vulnerabilities, including a zero-day (CVE-2025-29824) that’s under active attack. …
Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under …
Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) …
What 2024 taught us about security vulnerabilties
From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical …
Infosec products of the month: December 2024
Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, Cato Networks, Datadog, Fortinet, GitGuardian, Horizon3.ai, Netwrix, …
Microsoft fixes exploited zero-day (CVE-2024-49138)
On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by …
New infosec products of the week: December 6, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Datadog, Fortinet, Radiant Logic, Sweet Security, Tenable, and Veza. FortiAppSec …
Tenable Patch Management prevents problematic updates
Tenable released Tenable Patch Management, an autonomous patch solution built to close vulnerability exposures in a unified solution. A strategic partnership and integration …
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular …
Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)
Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, …
Zero-days dominate top frequently exploited vulnerabilities
A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. …
Featured news
Resources
Don't miss
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
- Skyhawk Security brings preemptive cloud app defense to RSAC 2025
- Understanding 2024 cyber attack trends
- Exposed and unaware: The state of enterprise security in 2025
- Coaching AI agents: Why your next security hire might be an algorithm