%term

Multiple Unpatched Vulnerabilities in Versa Concerto Disclosed

May 22, 2025 By Andres Ramos In Arctic Wolf

On May 21, 2025, ProjectDiscovery published technical details for multiple vulnerabilities they discovered in Versa Concerto, including authentication bypasses, remote code execution (RCE), and container escapes. Versa Concerto is a centralized management platform used to manage Versa’s SD-WAN and SASE services. It is a Spring Boot-based application deployed via Docker containers and routed through Traefik.

Read Post

Arctic Wolf

Read more about Multiple Unpatched Vulnerabilities in Versa Concerto Disclosed

CVE-2025-31324: Critical SAP Flaw Exposes Systems to Remote Attacks

May 22, 2025 By Indusface In Indusface

Active exploit targets SAP NetWeaver via unauthenticated remote code execution. This flaw allows unauthenticated attackers to upload and execute arbitrary files, leading to complete system compromise. In this video, we break down how the vulnerability works, why it’s dangerous, and what steps you must take to secure your systems.

View Video

Indusface

Read more about CVE-2025-31324: Critical SAP Flaw Exposes Systems to Remote Attacks

Reviewing Penetration Test Pricing In 2025: A Practical Guide for UK and EU Buyers

May 22, 2025 By SecuritySenses In SecuritySenses

Penetration testing costs in the UK and EU can range from a few thousand pounds to well over £20,000. At a glance, many of these tests look the same. So why the price gap? In 2025, pricing models haven't changed much. Most tests are still priced per day, but the complexity of what's being tested has changed. The rise of custom internal tools (many "vibe coded" by non-IT or security teams), shadow IT, SaaS stacks, and cloud sprawl means that scoping a pen test properly takes more time and care.

Read Post

SecuritySenses

Read more about Reviewing Penetration Test Pricing In 2025: A Practical Guide for UK and EU Buyers

Attaxion Becomes the First EASM Platform to Integrate ENISA's EU Vulnerability Database (EUVD)

May 21, 2025 By Attaxion

Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform.

Read Post

Read more about Attaxion Becomes the First EASM Platform to Integrate ENISA's EU Vulnerability Database (EUVD)

CyCognito Report Reveals 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

May 21, 2025 By CyCognito In CyCognito

Research reveals major security vulnerability disparities between the three leading cloud providers.

Read Post

CyCognito

Read more about CyCognito Report Reveals 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

Google's Gemini 2.5 Pro is Better than ALL other Models...

May 21, 2025 By Snyk In Snyk

Google's Gemini 2.5 Pro is Better than ALL other Models...

View Video

Snyk

Read more about Google's Gemini 2.5 Pro is Better than ALL other Models...

CTI Roundup: Marbled Dust, Horabot, and TA406

May 21, 2025 By Tanium In Tanium

Marbled Dust exploits a zero-day vulnerability in Output Messenger, a sophisticated phishing campaign uses Horabot malware, and TA406 shifts its targeting behavior.

Read Post

Tanium

Read more about CTI Roundup: Marbled Dust, Horabot, and TA406

Security Testing for Single-Page Applications (SPAs)

May 21, 2025 By Tiago Mendo In Snyk

When developing a web application, dev teams can choose from two fundamental design patterns: Single-Page Applications (SPAs) or traditional Multi-Page Applications (MPAs). Deciding which one to use can depend on multiple factors, but more and more companies are developing SPAs since they can provide a smoother user experience (UX), which, in turn, might just result in better user adoption.

Read Post

Snyk

Read more about Security Testing for Single-Page Applications (SPAs)

EASM top features: 7 capabilities your solution needs

May 21, 2025 By Marcus White In Outpost 24

External attack surfaces have never been more sprawling, or more vulnerable. As organizations increasingly rely on dynamic, cloud-based infrastructures, and third-party services, digital footprints are only going to carry on growing. So, it’s no surprise many are turning towards External Attack Surface Management (EASM) tools for more visibility into both known and unknown assets. But what should you be looking for in a solution?

Read Post

Outpost 24

Read more about EASM top features: 7 capabilities your solution needs

Security Bulletin: OttoKit WordPress Plugin Vulnerability, CVE-2025-27007

May 20, 2025 By Danny Portal In Centripetal

CVE-2025-27007 is a critical unauthenticated privilege escalation vulnerability affecting the OttoKit WordPress plugin (formerly SureTriggers), which is used by over 100,000 websites for workflow automation and third-party integration. The vulnerability exists in the plugin’s create_wp_connection() function, which fails to properly verify user authentication when application passwords are not configured.

Read Post