CVE Disruption Threatens Foundations of Defensive Security
If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.
Continuous Threat Exposure Management (CTEM) has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today’s cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart of CTEM is the integration of Adversarial Exposure Validation (AEV), an advanced, offensive
Mozilla has released security updates to address two critical security flaws in its Firefox browser that could potentially be exploited to access sensitive data or achieve code execution. The vulnerabilities, both of which were exploited as zero-days at Pwn2Own Berlin, are listed below – CVE-2025-4918 – An out-of-bounds access vulnerability when resolving Promise objects…
Cybersecurity leaders aren’t just dealing with attacks—they’re also protecting trust, keeping systems running, and maintaining their organization’s reputation. This week’s developments highlight a bigger issue: as we rely more on digital tools, hidden weaknesses can quietly grow. Just fixing problems isn’t enough anymore—resilience needs to be built into everything from the ground up.
Coinbase is going Liam Neeson on its attackers, potentially setting a new precedent for incident response in the wake of crypto- and blockchain-targeting cyberattacks.
An internal error led to public disclosure of reams of sensitive data that could be co-opted for follow-on cyberattacks.
Scattered Spider and other phishers and hacking groups are using rentable subdomains from dynamic DNS providers to obfuscate their activity and impersonate well-known brands.
Specialization among threat groups poses challenges for defenders, who now must distinguish between different actors responsible for different facets of an attack.
A well-documented cybersecurity incident response program (CSIRP) provides the transparency needed for informed decision-making, protecting the organization in a constantly changing threat environment.