Lucene search

863 matches found

RedhatCVE
added 2026/01/01 9:26 p.m. | 4 views

CVE-2025-68700

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...

CVSS 9.4 | AI score 7.3 | EPSS 0.00473
Exploits: 1 | References: 1
OSV
added 2025/12/30 12:16 p.m. | 3 views

OESA-2025-2855 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to set up. Just include httplib.h file in your code! Security Fixes: cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.27.0, a vulnerability allows attacker-controlled...

CVSS 10 | AI score 7 | EPSS 0.00302
Exploits: 2 | References: 3
hivepro
added 2025/12/17 6:36 p.m. | 4 views

What is Continuous Threat Exposure Management? A Guide For CISOs and Vulnerability Teams

Traditional vulnerability management has taught us to look for weaknesses inside our own walls. But what if we flipped the script and started looking at our defenses from the outside in, just like an attacker does? Attackers don't care about CVSS scores; they care about pathways. They look for th...

AI score 6.7
Exploits: 0
NVD
added 2025/12/12 3:15 p.m. | 2 views

CVE-2025-36755

The CleverDisplay BlueOne hardware player is designed with its USB interfaces physically enclosed and inaccessible under normal operating conditions. Researchers demonstrated that, after circumventing the device’s protective enclosure, it was possible to connect a USB keyboard and press ESC during...

CVSS 2.4 | EPSS 0.00142
Exploits: 0 | References: 2
Rapid7 Blog
added 2025/12/11 10:57 a.m. | 7 views

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Multifunction printers (MFPs) do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer (MFP) Security within the Enterprise Business Environment, from Rapid7’s Deral Heiland, Principal Security...

AI score 7
Exploits: 0
HackRead
added 2025/12/05 3:0 p.m. | 3 views

Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM

Torrance, California, USA, 5th December 2025, CyberNewsWire...

AI score 7
Exploits: 0
Packet Storm News
added 2025/12/01 12:0 a.m. | 3 views

COGNITION: From Evaluation to Defense against Multimodal LLM CAPTCHA Solvers

This paper studies how multimodal large language models (MLLMs) undermine the security guarantees of visual CAPTCHA. We identify the attack surface where an adversary can cheaply automate CAPTCHA solving using off-the-shelf models. We evaluate 7 leading commercial and open-source MLLMs across 18...

AI score 6.9
Exploits: 0
hivepro
added 2025/11/28 9:52 p.m. | 4 views

What Is Exposure Management? A Proactive Guide

Attackers don’t see your organization as a list of CVEs. They see a web of interconnected systems, looking for the path of least resistance to their target. They find one small weakness, then another, and chain them together to create a breach. So why would we defend our networks any differently?...

AI score 6.3
Exploits: 0
Packet Storm News
added 2025/11/28 12:0 a.m. | 3 views

An Empirical Study on the Security Vulnerabilities of GPTs

Equipped with various tools and knowledge, GPTs, one kind of customized AI agents based on OpenAI's large language models, have illustrated great potential in many fields, such as writing, research, and programming. Today, the number of GPTs has reached three million, with the range of specific...

AI score 7
Exploits: 0
hivepro
added 2025/11/26 2:15 p.m. | 1 view

What Does BAS Stand For? A Complete Guide

Running generic security tests is like studying for the wrong exam. You might be prepared for something, but not for the threats you’re most likely to face. To build a truly resilient defense, you need to test your controls against the specific tactics, techniques, and procedures that adversaries...

AI score 6.7
Exploits: 0
Packet Storm News
added 2025/11/25 12:0 a.m. | 2 views

Securing the Model Context Protocol (MCP): Risks, Controls, and Governance

The Model Context Protocol (MCP) replaces static, developer-controlled API integrations with more dynamic, user-driven agent systems, which also introduces new security risks. As MCP adoption grows across community servers and major platforms, organizations encounter threats that existing AI...

AI score 7.3
Exploits: 0
hivepro
added 2025/11/21 5:42 p.m. | 8 views

7 Best Vulnerability Management Tools Compared

Let's be direct: if your team is drowning in a sea of CVEs and struggling to decide what to patch first, you're not alone. The sheer volume of vulnerabilities can feel overwhelming, leaving even the most skilled security teams stuck in a reactive cycle of chasing alerts. This is where modern...

AI score 6.3
Exploits: 0
hivepro
added 2025/11/14 10:51 p.m. | 5 views

6 Actionable Vulnerability Management Best Practices

Every unpatched vulnerability is more than just a technical flaw; it's a direct business risk. These security gaps are the entry points for breaches that lead to devastating financial losses, operational downtime, and long-term damage to your brand's reputation. When viewed through this lens,...

AI score 6.7
Exploits: 0
HackRead
added 2025/11/13 9:14 p.m. | 4 views

How Adversaries Exploit the Blind Spots in Your EASM Strategy

Internet-facing assets like domains, servers, or networked device endpoints are where attackers look first, probing their target’s infrastructure…

AI score 7
Exploits: 0
hivepro
added 2025/11/13 6:8 p.m. | 4 views

6 Best CTEM Vendors: A Head-to-Head Comparison

Your team just ran a vulnerability scan and now you’re staring at a list of thousands of CVEs. The big question is, what do you fix first? Relying on CVSS scores alone doesn’t tell you which of these vulnerabilities are actually exploitable in your environment or which ones protect your most...

AI score 6.4
Exploits: 0
hivepro
added 2025/11/13 6:6 p.m. | 2 views

5 Exposure Management Best Practices for Your Team

Let's be honest: the traditional approach to vulnerability management is broken. Your team is likely drowning in a sea of alerts, staring at scan reports thousands of lines long, and struggling to figure out what to fix first. This constant state of reactive fire-fighting is exhausting and, worse...

AI score 7.1
Exploits: 0
The Hacker News
added 2025/11/12 11:55 a.m. | 2 views

[Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR

Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you're always one step behind. But what if there was a smarter way to stay ahead—without adding more work or stress? Join The Hacker News...

AI score 6.8
Exploits: 0
The Hacker News
added 2025/11/12 11:7 a.m. | 7 views

Active Directory Under Siege: Why Critical Infrastructure Needs Stronger Security

Active Directory remains the authentication backbone for over 90% of Fortune 1000 companies. AD's importance has grown as companies adopt hybrid and cloud infrastructure, but so has its complexity. Every application, user, and device traces back to AD for authentication and authorization, making ...

AI score 7.2
Exploits: 0
hivepro
added 2025/11/10 4:58 p.m. | 3 views

9 Key Areas to Monitor for Potential Security Threats

The old "castle-and-moat" approach to security is a thing of the past. Your organization's perimeter is no longer a single, defensible line; it's a distributed and porous collection of remote employees, cloud services, and third-party vendors. Every connection is a potential entry point, and your...

AI score 7.3
Exploits: 0
hivepro
added 2025/11/04 7:35 p.m. | 3 views

What Is Attack Surface Mapping And Why It’s Critical To your Security Program

You might think an attack surface mapper is just another name for a vulnerability scanner, but they serve two very different purposes. A scanner tests the assets you already know about for specific weaknesses. An attack surface mapper answers a more fundamental question: What assets do I even hav...

AI score 7.1
Exploits: 0