%term

CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Jan 23, 2025 By Julian Tuin In Arctic Wolf

On January 22, 2025, SonicWall published a security advisory detailing an actively exploited remote command execution vulnerability in SMA1000 appliances. The critical-severity vulnerability, CVE-2025-23006, is a pre-authentication deserialization of untrusted data vulnerability that has been identified in the SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). If exploited, it could allow unauthenticated remote threat actors to execute arbitrary OS commands.

Read Post

Arctic Wolf

Read more about CVE-2025-23006: Actively Exploited Vulnerability in SonicWall SMA1000 Appliances

Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Jan 23, 2025 By Ben Desjardins In Snyk

It’s been over a decade since DevSecOps was introduced as a transformative approach to software development, but adoption remains uneven. Despite its promise of seamless integration between development, security, and operations, only 38% of organizations report fully automating the addition of new projects, branches, or repositories into their security testing queues.

Read Post

Snyk

Read more about Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Taking a Threat Adapted Approach to Vulnerability Management

Jan 22, 2025 By Chris Jacob, VP and Will Baxter, Security Engineer In ThreatQuotient

As cyber threats continue to grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week (9-13th of December 2024) which aimed to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem, we held a session that explored how integrating Threat Intelligence into Vulnerability Management can transform the way organisations prioritise and respond to risks.

Read Post

ThreatQuotient

Read more about Taking a Threat Adapted Approach to Vulnerability Management

Check out our latest podcast episode, featuring Sam Stepanyan, Global Board Member at OWASP!

Jan 22, 2025 By Netacea In Netacea

#Cybersecurity #podcast #onlinesecurity

View Video

Netacea

Read more about Check out our latest podcast episode, featuring Sam Stepanyan, Global Board Member at OWASP!

Stop Demonizing CVSS: Fix the Real Problem

Jan 22, 2025 By Scott Kuffer In Nucleus

If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.

Read Post

Nucleus

Read more about Stop Demonizing CVSS: Fix the Real Problem

How to create a new GitHub repository

Jan 22, 2025 By Snyk In Snyk

Watch the full video linked below for more...

View Video

Snyk

Read more about How to create a new GitHub repository

Understanding the EU's Cyber Resilience Act (CRA)

Jan 22, 2025 By Ben Desjardins In Snyk

The Cyber Resilience Act (CRA) introduces a much-needed framework for standardizing the cybersecurity practices of companies operating in the European Union (EU). The regulation sets clear expectations for hardware and software manufacturers, developers, and distributors, outlining how they should manage and address vulnerabilities at every stage of the product lifecycle.

Read Post

Snyk

Read more about Understanding the EU's Cyber Resilience Act (CRA)

The Ultimate Guide to Building and Publishing Modern npm Packages (PART 1)

Jan 20, 2025 By Snyk In Snyk

In this video, we’ll walk you through the process of creating a modern npm package from scratch. Whether you're a seasoned developer or just starting out, this step-by-step guide will show you how to build, test, and publish an npm package.

View Video

Snyk

Read more about The Ultimate Guide to Building and Publishing Modern npm Packages (PART 1)

ConVErsations: Criminal Discussion of Vulnerabilities and Exploits

Jan 17, 2025 By Jovana Macakanja In CYJAX

Defenders often discuss security vulnerabilities on GitHub, Stack overflow, X (formerly Twitter), and other platforms to share knowledge of these threats and ensure users know when patches are available. Cybercriminals have a similar process, choosing to share vulnerability news, exploit code, and engage in technical discussions on cybercriminal forums. However, in contrast to defenders, these threat actors share this knowledge for the purpose finding unpatched systems and exploiting them.

Read Post

CYJAX

Read more about ConVErsations: Criminal Discussion of Vulnerabilities and Exploits

Detecting and mitigating CVE-2024-12084: rsync remote code execution

Jan 17, 2025 By Sysdig Threat Research Team In Sysdig

On Tuesday, January 14, 2025, a set of vulnerabilities were announced that affect the “rsync” utility. Rsync allows files and directories to be flexibly transferred locally and remotely. It is often used for deployments and backup purposes. In total, 6 vulnerabilities were announced to the OSS Security mailing list. The most severe vulnerability, CVE-2024-12084, may result in remote code execution. This post will cover how to detect and mitigate CVE-2024-12084.

Read Post