Lucene search
K

371 matches found

CNNVD
CNNVD
added 2025/07/05 12:0 a.m.5 views

Dradis 安全漏洞

Dradis is a suite of reporting and collaboration tools for information security teams. A security vulnerability exists in Dradis 4.16.0 and prior versions that stems from allowing references to external images, which could lead to the theft of Net-NTLM hashes from other users on a Windows domain...

4.3CVSS6.3AI score0.00227EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/07/03 10:30 a.m.8 views

The Hidden Weaknesses in AI SOC Tools that No One Talks About

If you're evaluating AI-powered SOC platforms, you've likely seen bold claims: faster triage, smarter remediation, and less noise. But under the hood, not all AI is created equal. Many solutions rely on pre-trained AI models that are hardwired for a handful of specific use cases. While that might...

7.3AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/07/01 5:0 p.m.10 views

Planning your move to Microsoft Defender portal for all Microsoft Sentinel customers

In November 2023, Microsoft announced our strategy to unify security operations by bringing the best of XDR and SIEM together. Our first step was bringing Microsoft Sentinel into the Defender portal, giving teams a single, comprehensive view of incidents, reducing queue management, enriched threa...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/06/19 11:25 a.m.9 views

Secure Vibe Coding: The Complete New Guide

DALL-E for coders? That's the promise behind vibe coding, a term describing the use of natural language to create software. While this ushers in a new era of AI-generated code, it introduces "silent killer" vulnerabilities: exploitable flaws that evade traditional security tools despite perfect...

7.8AI score
Exploits0
Talos Blog
Talos Blog
added 2025/06/12 6:1 p.m.9 views

Know thyself, know thy environment

Welcome to this week's edition of the Threat Source newsletter. This week, I'm coming to you from Cisco Live in San Diego where I've just talked to a room that some of you may have been in, so writing this feels a bit surreal. It's really hard to try and write a cogent newsletter with all that's...

8.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/08 12:0 a.m.10 views

MARVEL: Multi-Agent RTL Vulnerability Extraction Using Large Language Models

Hardware security verification is a challenging and time-consuming task. For this purpose, design engineers may utilize tools such as formal verification, linters, and functional simulation tests, coupled with analysis and a deep understanding of the hardware design being inspected. Large Languag...

7.3AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/06/05 3:31 p.m.256 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 26, 2025 to June 1, 2025)

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 65 vulnerabilities disclosed in 60 WordPress Plugin...

10CVSS8.7AI score0.02101EPSS
Exploits6
The Hacker News
The Hacker News
added 2025/05/20 11:0 a.m.17 views

The Crowded Battle: Key Insights from the 2025 State of Pentesting Report

In the newly released 2025 State of Pentesting Report, Pentera surveyed 500 CISOs from global enterprises 200 from within the USA to understand the strategies, tactics, and tools they use to cope with the thousands of security alerts, the persisting breaches and the growing cyber risks they have ...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/19 11:0 a.m.28 views

Why CTEM is the Winning Bet for CISOs in 2025

Continuous Threat Exposure Management CTEM has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today's cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart ...

7.2AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/05/08 2:26 p.m.67 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 28, 2025 to May 4, 2025)

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 84 vulnerabilities disclosed in 68 WordPress Plugin...

9.8CVSS9.8AI score0.5088EPSS
Exploits16
Microsoft Secure
Microsoft Secure
added 2025/04/30 6:0 p.m.7 views

14 secure coding tips: Learn from the experts at Microsoft Build

Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...

8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/04/30 6:0 p.m.8 views

14 secure coding tips: Learn from the experts at Microsoft Build

Hey friends! If you are a developer, you know that writing clean and efficient code is just the starting point. Now, with AI playing a bigger role, secure coding isn't just a 'nice-to-have'—it's a must. Whether you're building web apps, working on cloud services, or adding AI to your projects,...

8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/04/29 12:26 p.m.6 views

From Exposure to Assurance: Unified Remediation Across the Security Lifecycle

When it comes to defending your organization, every second counts. The time to detect, respond, and remediate is critical, but speed alone isn't enough. Fragmentation across security tools, siloed teams, and manual workflows leaves organizations constantly reactive, overwhelmed by alerts, and at...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/24 12:58 p.m.50 views

Linux io_uring PoC Rootkit Bypasses System Call-Based Threat Detection Tools

Cybersecurity researchers have demonstrated a proof-of-concept PoC rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called iouring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allo...

7.7AI score
Exploits0
hivepro
hivepro
added 2025/04/23 3:31 p.m.7 views

Draw the Line: Smart Consolidation or Bloated Platformization?

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on Smart Consolidation vs Platformization. I often wonder…have CIS...

7.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2025/04/17 4:0 p.m.9 views

Microsoft’s Secure by Design journey: One year of success

Cybersecurity is one of the top risks facing businesses. Organizations are struggling to navigate the ever-evolving cyberthreat landscape in which 600 million identity attacks are carried out daily.1 The median time for a cyberattacker to access private data from phishing is 1 hour and 12 minutes...

8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2025/04/17 1:57 p.m.36 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 352 vulnerabilities disclosed in 310 WordPress...

10CVSS10AI score0.76126EPSS
Exploits28
Vulnrichment
Vulnrichment
added 2025/04/15 10:4 p.m.11 views

CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability

Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools e.g., Outlook, virus scanners, and email previewers may automatically follow...

5.3CVSS7.4AI score0.00287EPSS
Exploits0References2
Qualys Blog
Qualys Blog
added 2025/04/15 3:0 p.m.11 views

The Efficiency Imperative: How Federal Agencies Can Streamline Cybersecurity Operations

With increasing scrutiny on government spending, federal agencies face mounting pressure to optimize IT budgets while fortifying cybersecurity defenses. However, the unchecked proliferation of security tools has led to inefficiencies, reduced visibility, and increasing total cost of ownership. A...

7.7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/14 11:19 a.m.66 views

⚡ Weekly Recap: Windows 0-Day, VPN Exploits, Weaponized AI, Hijacked Antivirus and More

Attackers aren't waiting for patches anymore — they are breaking in before defenses are ready. Trusted security tools are being hijacked to deliver malware. Even after a breach is detected and patched, some attackers stay hidden. This week's events show a hard truth: it's not enough to react afte...

9.5CVSS8.3AI score0.93842EPSS
Exploits30
Rows per page
Query Builder