What Changed in OWASP Top 10 2025 and Recommendations for Each Category

Key Takeaways 1. The 2025 list introduces two new categories – Software Supply Chain Failures A03 and Mishandling of Exceptional Conditions A10 - reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...

Validating Threat Modeling Results with the Help of Vulnerable Test Applications

Validating threat modeling results remains difficult because completeness is hard to judge without an external oracle. Existing studies often rely on expert-produced reference models and other human baselines, but these can contain omissions or disagreements. This paper evaluates a complementary,...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

AetherGuard Security Test Dataset !License: MIThttps://im...

How Hive Pro Brings Comprehensive Security to  CrowdStrike and SentinelOne

& How HivePro Vulnerability Exposure Management VEM extends and amplifies the value of your existing endpoint security/EDR investments - turning detection strength into enterprise-wide vulnerability and exposure intelligence. The Challenge Your EDR is world-class. Your exposure visibility isn't...

Rapid7 at Pwn2Own: Raising the Bar in Vuln Intel

As the 2025 edition of Pwn2Own Ireland draws to a close, we are taking a beat to reflect on Rapid7’s participation and achievements, both this year and last, in the world of competitive zero day exploit development. Pwn2Own is a zero day exploit competition run by the Zero Day Initiative ZDI and...

AutoPentester: An LLM Agent-Based Framework for Automated Pentesting

Penetration testing and vulnerability assessment are essential industry practices for safeguarding computer systems. As cyber threats grow in scale and complexity, the demand for pentesting has surged, surpassing the capacity of human professionals to meet it effectively. With advances in AI,...

Following the News: MITRE’s Common Vulnerabilities and Exposures (CVE) Funding

The current situation On April 16, CISA extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures CVE program. This was in response to a letter sent by MITRE on April 15 to CVE board members warning of a potential issue with MITRE's support for the CVE...

What’s New in Rapid7 Products & Services: Q2 2024 in Review

This quarter we continued to make investments that provide security professionals with a holistic, actionable view of their entire attack surface. In Q2, we focused on enhancing visualization, prioritization, and integration capabilities across our key products and services. Below we’ve highlight...

Rapid7 offers continued vulnerability coverage in the face of NVD delays

Recently, the US National Institute of Standards and Technology NIST announced on the National Vulnerability Database NVD site that there would be delays in adding information on newly published CVEs. NVD enriches CVEs with basic details about a vulnerability like the vulnerability’s CVSS score,...

Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)

InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats. The Feb. 3 release of InsightVM and Nexpose version 6.6.63 includes a beta version of the Metasploit Remote Check Service, bringing Metasploit check method...