%term

OWASP Top 10 LLM Applications 2025 - Critical Vulnerabilities & Risk Mitigation

Jan 30, 2025 By Vinugayathri Chinnasamy In Indusface

The release of the OWASP Top 10 for LLM Applications 2025 provides a comprehensive overview of the evolving security challenges in the world of Large Language Models (LLMs). With advancements in AI, the adoption of LLMs like GPT-4, LaMDA, and PaLM has grown, but so have the risks. The new 2025 list builds upon the foundational threats outlined in previous years, reflecting the changing landscape of LLM security.

Read Post

Indusface

Read more about OWASP Top 10 LLM Applications 2025 - Critical Vulnerabilities & Risk Mitigation

Disparate Data to Unified Risk Insights: The Role of Asset Correlation in Vulnerability Management

Jan 30, 2025 By Nucleus In Nucleus

In this webinar, Adam Dudley and Aaron Attarzadeh from Nucleus discuss the critical role asset correlation plays in vulnerability management. They dive into how organizations can unify disparate asset data to gain clearer, more actionable risk insights. They explore the challenges of managing vulnerabilities in today's complex environments, with a focus on metadata integration, asset correlation, and how to manage data from multiple scanners and sources.

View Video

Nucleus

Read more about Disparate Data to Unified Risk Insights: The Role of Asset Correlation in Vulnerability Management

Building a package.json file with npn init

Jan 29, 2025 By Snyk In Snyk

Watch the full video linked below for more...

View Video

Snyk

Read more about Building a package.json file with npn init

Stating the Obvious: Vulns On the Rise in 2025

Jan 28, 2025 By Ben Edwards In BitSight

Happy New Year! As we usher in a year with some pleasant mathematical properties, I wanted to take a brief look back at one of the stories that was most interesting to me as a security data nerd from last year: our dependency on the National Institute of Standards and Technologies’s (NIST) National Vulnerability Database(NVD), and what the degradation in service has meant to the flow of information about new CVEs. TL:DR.

Read Post

BitSight

Read more about Stating the Obvious: Vulns On the Rise in 2025

Taking a Threat Adapted Approach to Vulnerability Management

Jan 28, 2025 By Guest Blog In ThreatQuotient

As cyber threats continue to grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach.

Read Post

ThreatQuotient

Read more about Taking a Threat Adapted Approach to Vulnerability Management

Fortinet Firewall Authentication Bypass Vulnerability (CVE-2024-55591)

Jan 28, 2025 By Het Yadav In Coralogix

As per a recent update from Fortinet, Exploitation of CVE-2024-55591, a recently disclosed authentication bypass vulnerability in FortiOS and FortiProxy, allows remote attackers to achieve super-admin privileges. By sending specially crafted requests to the Node.js WebSocket module, attackers can exploit this zero-day vulnerability to gain unauthorized access.

Read Post

Coralogix

Read more about Fortinet Firewall Authentication Bypass Vulnerability (CVE-2024-55591)

AI-Powered Attacks Surge: 1,025% Jump in Vulnerabilities, 99% are API related

Jan 28, 2025 By SecuritySenses In SecuritySenses

Wallarm's 2025 API ThreatStats Report offers a sweeping look at how AI deployments drive a surge in security risks. In 2024, Wallarm researchers discovered 439 AI-related CVEs-up an astonishing 1,025% from the prior year. Nearly all these flaws, 99%, point back to insecure or mismanaged APIs.

Read Post

SecuritySenses

Read more about AI-Powered Attacks Surge: 1,025% Jump in Vulnerabilities, 99% are API related

How to Build a Production Ready npm Package (PART 2)

Jan 27, 2025 By Snyk In Snyk

Need help building your production ready npm package? Look no further! We go through a step by step guide showing you how to build, test and publish your npm package. If you haven't watched Part 1 yet, go watch that first, and then come back to Part 2!

View Video

Snyk

Read more about How to Build a Production Ready npm Package (PART 2)

The BEST way to check your npm package contents

Jan 25, 2025 By Snyk In Snyk

Watch the full video linked below for more...

View Video

Snyk

Read more about The BEST way to check your npm package contents

Arctic Wolf Observes Campaign Exploiting SimpleHelp RMM Software for Initial Access

Jan 24, 2025 By Andres Ramos In Arctic Wolf

On January 22, 2025, Arctic Wolf began observing a campaign involving unauthorized access to devices running SimpleHelp RMM software as an initial access vector. Roughly a week prior to the emergence of this campaign, several vulnerabilities had been publicly disclosed in SimpleHelp by Horizon3 (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728).

Read Post