Using Snyk to Check Security on Code Agent
Using Snyk to Check Security on Code Agent.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Follow-Up: Updates on Actively Exploited Information Disclosure Vulnerability "Citrix Bleed 2" in Citrix NetScaler ADC and Gateway (CVE-2025-5777)
In late June 2025, Arctic Wolf issued a security bulletin addressing a critical out-of-bounds read vulnerability in Citrix NetScaler ADC and Gateway that Citrix disclosed, tracked as CVE-2025-5777. This vulnerability affects NetScaler devices configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
This Security Package Looks Useful... But Should You Trust It?
This Security Package Looks Useful… But Should You Trust It?
Thousands of WordPress Sites at Risk After Gravity Forms Breach
A critical vulnerability in the popular Gravity Forms WordPress plugin has led to widespread malware injections across thousands of sites. The flaw is being actively exploited by threat actors, some of whom are inserting backdoors and malicious JavaScript into WordPress sites to carry out data theft, SEO poisoning, and client-side attacks.
SquareX Collaborates with Top Fortune 500 CISOs to Launch The Browser Security Field Manual at Black Hat
SquareX announced the official launch of The Browser Security Field Manual at Black Hat USA 2025. In addition to a comprehensive practical guide to the latest TTPs attackers are using to target employees in the browser, this comprehensive manual features industry perspectives from leading CISOs from multiple Fortune 500 enterprises and other iconic companies, who share their perspectives on the evolving browser security landscape, the importance of each threat vector, and how they expect these attacks to evolve in the near future. Major contributors include.
Best Practices for Aggregating and Normalizing Exposure Data
In our first article exploring vulnerability management vs. exposure management, we explored the growing recognition that exposure management is not just a rebranding of vulnerability management. Rather, it’s a strategic evolution. Where traditional vulnerability management often focuses narrowly on CVEs and technical severity, exposure management demands a broader, more integrated understanding of risk across assets, environments, and attack vectors.
Cursor Agents Code Remotely (and while you sleep...)
Cursor Agents Code Remotely (and while you sleep...)
Critical Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC
On June 25, 2025, Cisco disclosed two critical vulnerabilities affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 and CVE-2025-20282, these flaws enable unauthenticated remote attackers to execute arbitrary commands as the root user via exposed HTTPS APIs. CVE-2025-20281 arises from insufficient validation of user-supplied input in a public API, allowing crafted requests to trigger remote code execution.
Addressing Recent Vulnerabilities and Our Commitment to Security
At CyberArk, the trust and security of our customers are at the heart of everything we do. Today, July 15th, we are addressing the publication of several Common Vulnerabilities and Exposures (CVEs) related to CyberArk Secrets Manager, Self-Hosted (formerly Conjur Enterprise) and Conjur Open Source (OSS). We regret the challenges this situation may pose to our customers and reaffirm our commitment to supporting them through the resolution process.
What Over 2 Million Assets Reveal About Industry Vulnerability
Today we’re releasing findings from a statistical sample of over 2 million internet-exposed assets, across on-prem, cloud, APIs, and web apps, discovered and analyzed by the CyCognito platform.