CSO Online

Vulnerability prioritization beyond the CVSS number

A vulnerability in a tightly isolated sandbox may score a 9.8 but never affect anything else. Meanwhile, a 5.2 in a single ...
Techzine EuropeOpinion

From vulnerability whack-a-mole to strategic risk operations

Qualys VP Alex Kreilein explains why counting vulnerabilities fails and how VEX-enhanced SBOMs enable true risk operations ...
JD Supra

Here Are the Five Top Security Threats from 2025

Threat actors had another banner year in 2025. As we head into 2026, looking back on the five top security threats of 2025 may inform our strategy and budgeting for 2026 to prepare for the continued ...
blockchain

Codex AI Enhances Security Vulnerability Detection and Opens Opportunities for Secure Code ...

According to Greg Brockman on Twitter, Codex is now demonstrating significant improvements in identifying security vulnerabilities within code. OpenAI is exploring trusted access programs specifically ...
GitHub

scantistdemo/Log4shell-vulnerability-app

This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell. It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181. [+] ...
The Record

Log4Shell attacks began two weeks ago, Cisco and Cloudflare say

While a public proof-of-concept code was released last Thursday, attacks exploiting the Log4Shell vulnerability started two weeks ago. The first attacks were observed on December 1 and December 2, ...
Developer Tech

Log4j downloads shows supply chain wake-up call ignored

Ongoing vulnerable Log4j downloads suggest the supply chain crisis wasn’t the wake-up call it should have been. Back in December 2021, the “internet on fire” headlines weren’t hyperbole. Security ...
CSOonline

The nexus of risk and intelligence: How vulnerability-informed hunting uncovers what ...

When you treat vulnerabilities as clues instead of chores, you uncover threats, fix blind spots and finally make your security program work smarter. For years, I watched organizations treat ...
SecurityWeek

ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure

A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token. A researcher has disclosed the details of a recently patched ChatGPT vulnerability ...
PC World

Millions at risk of critical PC security vulnerability, Dell warns

Users of Dell systems are currently at considerable risk: a “high impact” vulnerability (CVE-2025-46430) has been identified in Dell’s Display and Peripherals Manager (DDPM). According to Dell, ...
thecyberexpress

New AI Vulnerability Scoring System Announced to Address Gaps in CVSS

A new vulnerability scoring system has just been announced. The initiative, called the AI Vulnerability Scoring System (AIVSS), aims to fill the gaps left by traditional models such as the Common ...