The Crowded Battle: Key Insights from the 2025 State of Pentesting Report
In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises (200 from within the USA) to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have ...
Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products
Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023 but an increase from 63 the year before. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances...
Simplified and Secure MCP Gateways for Enterprise AI Integration
The increased adoption of the Model Context Protocol (MCP) for AI Agents necessitates robust security for Enterprise integrations. This paper introduces the MCP Gateway to simplify self-hosted MCP server integration. The proposed architecture integrates security principles, authentication, intrusio...
CVE-2025-2517
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager...
CVE-2025-2517
Technical details about CVE-2025-2517 are not publicly available in the provided documents. Monitoring for updates from vendors and security feeds is advised.
OpenText ArcSight Enterprise Security Manager Security Vulnerability
OpenText ArcSight Enterprise Security Manager is a powerful and adaptable SIEM from OpenText Canada that provides comprehensive data collection and real-time threat analysis. A security vulnerability exists in OpenText ArcSight Enterprise Security Manager that stems from referencing an expired...
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
Everybody knows browser extensions are embedded into nearly every user's daily workflow, from spell checkers to GenAI tools. What most IT and security people don't know is that browser extensions' excessive permissions are a growing risk to organizations. LayerX today announced the release of the...
Gcore Super Transit Brings Advanced DDoS Protection and Acceleration for Superior Enterprise Security and Speed
Luxembourg, Luxembourg, 9th April 2025, CyberNewsWire...
AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock
AI holds the promise to revolutionize all sectors of enterprise, from fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles. Imagine this...
CVE-2019-3628
Privilege escalation in McAfee Enterprise Security Manager (ESM) 11.x prior to 11.2.0 allows authenticated user to gain access to a core system component via incorrect access control...
CVE-2019-3631
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters...
CVE-2019-3632
Directory Traversal vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to gain elevated privileges via specially crafted input...
CVE-2019-3630
Command Injection vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows authenticated user to execute arbitrary code via specially crafted parameters...
CVE-2019-3629
Application protection bypass vulnerability in McAfee Enterprise Security Manager (ESM) prior to 11.2.0 and prior to 10.4.0 allows unauthenticated user to impersonate system users via specially crafted parameters...
Ivanti Avalanche Path Traversal Vulnerability
Ivanti Avalanche is an enterprise mobile device management (MDM) solution for managing devices such as smartphones, tablets, and industrial mobile computers to ensure their security, availability, and accessibility. Ivanti Avalanche suffers from a path traversal vulnerability that can be exploited ...
MITRE ATT&CK 2024 Results for Enterprise Security
Enterprise 2024 will incorporate multiple, smaller emulations for a more nuanced and targeted evaluation of defensive capabilities. We’re excited to offer two distinct adversary focus areas: Ransomware targeting Windows and Linux, and the Democratic People's Republic of Korea's targeting macOS...
Secure Your Generative Investments: Qualys Advances Enterprise TruRisk Platform with Qualys TotalAI to Protect Your LLM Investments
Artificial intelligence (AI) and large language models (LLMs) are reshaping industries, streamlining enterprise operations, and fueling unprecedented innovation. However, as adoption accelerates, so do the associated risks. While 70% of enterprises plan to deploy LLMs in production within the next 12...
CVE-2024-11482
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user...
PT-2024-9163 · Trellix · Trellix Enterprise Security Manager
Name of the Vulnerable Software and Affected Versions: Trellix Enterprise Security Manager (ESM) version 11.6.10. Description: A vulnerability in the system allows unauthenticated access to the internal Snowservice API, leading to improper handling of path traversal and insecure forwarding to an AJP...