vulnerability disclosure
Rise in IoT vulnerability disclosures, up 57%
Vulnerability disclosures impacting IoT devices increased by 57% in the first half (1H) of 2022 compared to the previous six months, according to a research by Claroty. The …
Researchers disclose 56 vulnerabilities impacting thousands of OT devices
Forescout’s Vedere Labs disclosed OT:ICEFALL, 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors. This is one of the single largest …
A closer look at the SEC Cybersecurity Disclosure rule
In this Help Net Security video, James Turgal, VP of Cyber Risk, Strategy and Board Relations at Optiv, discusses the proposed new SEC Cybersecurity Disclosure rule. The …
Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …
How to avoid headaches when publishing a CVE
You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …
Strengthening the ability of public companies to combat cybersecurity threats
The National Association of Corporate Directors (NACD), SecurityScorecard and the Cyber Threat Alliance released a report that examines the U.S. Securities and Exchange …
The state of coordinated vulnerability disclosure policies in EU
The European Union Agency for Cybersecurity (ENISA) publishes a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and makes …
ICS vulnerability disclosures surge 110% over the last four years
Industrial control system (ICS) vulnerability disclosures grew a staggering 110% over the last four years, with a 25% increase in the second half (2H) of 2021 compared to the …
28,695 vulnerabilities were disclosed in 2021 – the highest number on record
A total of 28,695 vulnerabilities were disclosed in 2021, according to a report from Risk Based Security. That total is the highest number on record, and it puts the amount of …
The Log4j debacle showed again that public disclosure of 0-days only helps attackers
On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on …
CISA launches US federal vulnerability disclosure platform
Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) …
5G network slicing vulnerability leaves enterprises exposed to cyberattacks
AdaptiveMobile Security today publicly disclosed details of a major security flaw in the architecture of 5G network slicing and virtualized network functions. The fundamental …
Featured news
Resources
Don't miss
- How to get better results from bug bounty programs without wasting money
- Hackers launch data leak site to extort 39 victims, or Salesforce
- Cl0p exploits Oracle E-Business Suite zero-day in data theft, extortion campaign (CVE-2025-61882)
- How to succeed at cybersecurity job interviews
- Meet ARGUS, the robot built to catch hackers and physical intruders