CVE-2026-25758
creationtimestamp| type| source
---|---|---
2026-02-05 13:49:28+00:00| published-proof-of-concept| https://github.com/spree/spree/security/advisories/GHSA-87fh-rc96-6fr6
2026-03-06 20:09:04+00:00| seen|...
Cyber Risk Prioritization: A Practical Guide
For years, security teams have relied on static scores like CVSS to guide their patching efforts. While helpful, these scores only tell part of the story. They show a vulnerability's potential severity but lack the real-world context of what attackers are actually doing right now. A theoretical...
Your Guide to PCI DSS 4.0.1 Web Application and API Controls with a Simplified Path to Compliance
Executive Summary: PCI DSS 4.0.1 compliance mandates stricter security controls for web applications and APIs. Key updates include maintaining an inventory of custom software (PCI 6.3.2) and managing payment page scripts to prevent skimming attacks (PCI 6.4.3). Organizations must also adopt risk-based...
Packet Fence 15.0.0
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration...
EUVD-2018-17950
Malware in sbrugna...
EUVD-2008-6855
Malware in sbrugna...
Wordfence Intelligence Weekly WordPress Vulnerability Report (April 7, 2025 to April 13, 2025)
In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. Last week, there were 352 vulnerabilities disclosed in 310 WordPress...
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 10, 2025 to February 16 2025)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $31,200 per vulnerability, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we...
PT-2024-7362
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.41; Spring Framework versions prior to 6.0.25; Spring Framework versions prior to 6.1.14; Confluence Data Center and Server versions 3.0 through 9.1.0; Confluence Data Center and Server version 9.1; Bitbucket...
Simplifying Azure Cloud Security with Snapshot-Based Scans
As organizations increasingly move to the cloud, securing these dynamic and transient environments has become a critical challenge for security teams. Cloud deployments are inherently more fluid than traditional infrastructure, with resources constantly being spun up, modified, or decommissioned...
Wordfence Intelligence Weekly WordPress Vulnerability Report (August 26, 2024 to September 1, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with =1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers c...
Top Security Posture Vulnerabilities Revealed
Each New Year introduces a new set of challenges and opportunities for strengthening our cybersecurity posture. It's the nature of the field – the speed at which malicious actors carry out advanced persistent threats brings a constant, evolving battle for cyber resilience. The excitement in...
7 Cyber Security Tips for SMBs
When the headlines focus on breaches of large enterprises like the Optus breach, it's easy for smaller businesses to think they're not a target for hackers. Surely, they're not worth the time or effort? Unfortunately, when it comes to cyber security, size doesn't matter. Assuming you're not a...
4 Steps the Financial Industry Can Take to Cope With Their Growing Attack Surface
The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools. Adobe's 2022 FIS Trends Report, for instance, found that more than half of th...
Moving to AWS Lambda? Here’s what you need to know.
Serverless computing is transforming the way organizations build, ship, automate and scale applications. With no need to worry about infrastructure or who’s going to manage it, developers are free to focus on application development and innovation. The payoffs can be significant: Faster time to...
ThreatMapper - Identify Vulnerabilities In Running Containers, Images, Hosts And Repositories
The Deepfence Runtime Threat Mapper is a subset of the Deepfence cloud native workload protection platform, released as a community edition. This community edition provides users with the following features: 1. Visualization: Visualize Kubernetes clusters, virtual machines, containers and images,...
Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output
Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...
The HOW, WHY, and HUH? Blog on Disputes
As you may know, performing vulnerability scans is a requirement for PCI DSS compliance. One of those specific requirements, described in section 11.2.2, states that quarterly external scanning must be done by a qualified Approved Scanning Vendor. Coalfire just so happens to be an ASV, so if you...
Open Source Network Access Control: PacketFence
PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices,...