%term

Lessons From 2025: Zero-Day Exploitation Shaping 2026

Feb 5, 2026 By Lydia Atienza In Outpost 24

Zero-day exploits were among the defining cyber threats of 2025, with high-severity flaws affecting platforms such as React2Shell, Oracle E-Business Suite (EBS), and CitrixBleed 2 highlighting how quickly zero-days can be weaponized and how damaging they can be. To help organizations understand the zero-day threat landscape, Outpost24’s threat intelligence team has compiled a review of the vulnerabilities they encountered in the wild throughout 2025.

Read Post

Outpost 24

Read more about Lessons From 2025: Zero-Day Exploitation Shaping 2026

Context-Driven Security: CTEM as a Necessity for Cybersecurity

Feb 5, 2026 By Nucleus Security In Nucleus

Nucleus Security's Adam Dudley talks about the platform's place in a highly functioning CTEM approach during a joint webinar with Cycode and HackerOne.

View Video

Nucleus

Read more about Context-Driven Security: CTEM as a Necessity for Cybersecurity

Internet Exposure and Vulnerability Risk: Why Reachability Changes Everything

Feb 5, 2026 By Nucleus Security In Nucleus

In this conversation, Ryan Cribelar, R&D Engineer at Nucleus Security, breaks down why internet exposure is one of the most important layers of context in vulnerability and exposure management. Security teams are flooded with vulnerability data, but not every finding carries the same level of risk. As Ryan explains, whether a vulnerability is reachable from the internet can dramatically change how urgent it really is. Internet exposure shortens the path from discovery to exploitation and often determines whether a vulnerability is theoretical or immediately actionable.

View Video

Nucleus

Read more about Internet Exposure and Vulnerability Risk: Why Reachability Changes Everything

Ten threats traditional Antivirus misses (and Next-Gen AV doesn't)

Feb 4, 2026 By Manish Mandal In ManageEngine

The cybersecurity arena is rapidly shifting and CISOs are locked in a relentless struggle against adversaries who rarely reveal themselves. Traditional antivirus (AV) solutions, which has been the primary shield (and still is for many companies) has reached its 'End of life'. The reason is clear: signature-based protection simply isn't enough anymore.

Read Post

ManageEngine

Read more about Ten threats traditional Antivirus misses (and Next-Gen AV doesn't)

Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)

Feb 4, 2026 By Theklis Stefani In Sentrium

During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and exchange attachments through ticket replies.

Read Post

Sentrium

Read more about Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)

AI Code Generation: 3 Critical Security Risks

Feb 4, 2026 By Snyk In Snyk

AI Code Generation: 3 Critical Security Risks.

View Video

Snyk

Read more about AI Code Generation: 3 Critical Security Risks

Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI

Feb 3, 2026 By Manoj Nair In Snyk

Today, we’re thrilled to introduce the AI Security Fabric, delivered through the Snyk AI Security Platform, and operationalized through a prescriptive path for AI security. As software creation shifts to humans, models, and autonomous agents working together at machine speed, security must evolve just as fundamentally. The AI Security Fabric defines the new paradigm, and the Prescriptive Path shows how the Snyk AI Security Platform gets you there.

Read Post

Snyk

Read more about Introducing the AI Security Fabric: Empowering Software Builders in the Era of AI

Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk

Feb 3, 2026 By Emma Stevens In BitSight

A critical vulnerability (CVE-2025-40551) has been identified in SolarWinds Web Help Desk, a widely used IT service management platform deployed across enterprise and public sector environments to manage support tickets, assets, and internal workflows. Successful exploitation could allow an unauthenticated attacker to execute arbitrary commands on the underlying host system.

Read Post

BitSight

Read more about Critical Vulnerability Alert: CVE-2025-40551 in SolarWinds Web Help Desk

CVE-2026-25253: OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

Feb 3, 2026 By foresiet In Foresiet

CVE-2026-25253 is a high-severity vulnerability (CVSS 8.8) in OpenClaw (formerly Clawdbot/Moltbot), an open-source AI agent framework. It allows attackers to exfiltrate authentication tokens via a crafted URL, leading to full gateway compromise and remote code execution (RCE) with one click. Disclosed in early February 2026, it affects versions before 2026.1.29.

Read Post

Foresiet

Read more about CVE-2026-25253: OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

Introducing Detectify Internal Scanning for internal scanning behind the firewall

Feb 3, 2026 By Detectify In Detectify

Detectify Internal Scanning is an internal vulnerability scanning solution that brings Detectify’s proprietary crawling and fuzzing engine behind your firewall. Built for AppSec and DevOps teams, it enables authenticated testing of internal applications, admin panels, staging environments, and microservices, all from a single, unified platform. Teams can now monitor both internal and external vulnerabilities side by side, without slowing down release cycles.

Read Post