Topic: vulnerability remediation
-
Federal Agency Hacked Through GeoServer Vulnerability
A federal agency suffered a cybersecurity breach in July 2024 when attackers exploited a critical, unpatched vulnerability in a public-facing GeoServer, allowing them to deploy malicious tools and establish persistence. The attackers used the same vulnerability to breach a second server, moved la...
Read More » -
Bugcrowd Boosts AI Security with Mayhem Acquisition
Bugcrowd has acquired Mayhem Security to enhance AI-powered, human-in-the-loop security testing, enabling faster, safer software development and reduced operational costs. The acquisition combines Mayhem's AI-driven automation with Bugcrowd's crowdsourced human expertise to proactively identify a...
Read More » -
GreyNoise Launches MCP Server for AI-Powered SOC Workflows
GreyNoise Intelligence has launched an MCP Server to integrate real-time threat intelligence into AI-driven security operations, enabling faster decision-making and automated workflows. The tool allows AI agents to access high-fidelity threat data, enhancing capabilities like noise reduction, aut...
Read More » -
Top Infosec Products of October 2025
The cybersecurity landscape in October 2025 saw companies introducing AI-driven solutions to automate security processes, improve visibility, and address evolving digital threats. Innovations included tools for validating defenses, prioritizing vulnerabilities, safeguarding mobile apps, and integ...
Read More » -
Trellix Helix Hyperautomation Streamlines SOC Operations
Trellix has integrated Hyperautomation into its Helix platform, featuring a no-code, drag-and-drop workflow builder to automate security processes and boost operational efficiency. The rise of AI-powered threats is increasing pressure on security teams, with over one-third of CISOs seeking enhanc...
Read More » -
US Agencies Ordered to Replace Outdated Edge Devices
US federal agencies must remove all outdated public-facing network hardware within one year, as mandated by CISA's Binding Operational Directive 26-02 to address active exploitation of end-of-support devices. The directive establishes strict deadlines, requiring agencies to identify vulnerabiliti...
Read More » -
Why Ransomware Attacks Spike on Weekends
Threat actors deliberately target organizations on weekends and holidays when security staffing is minimal, exploiting slower detection to infiltrate systems more deeply. Business transitions like mergers and acquisitions create vulnerabilities, with 60% of incidents occurring after such shifts d...
Read More » -
Tenable Uncovers Critical Google Gemini AI Flaws That Risked User Data
Tenable Research uncovered three critical security flaws in Google's Gemini AI, known as the Gemini Trifecta, which allowed attackers to manipulate the AI and steal sensitive user data without direct system access. The vulnerabilities affected components like Gemini Cloud Assist, Search Personali...
Read More » -
Unseen Dangers in Open-Source Software
Open-source software underpins much of the digital world but poses significant security risks, as organizations often overlook vulnerabilities in the code they depend on daily. A study comparing open-source and proprietary software found varying vulnerability densities, with smaller projects like...
Read More » -
US Jury System Bug Exposed Sensitive Personal Data
A security flaw in Tyler Technologies' jury management websites exposed sensitive personal information of potential jurors across multiple U.S. and Canadian states, allowing unauthorized access through brute-force attacks due to sequential identifiers and lack of rate-limiting. Exposed data inclu...
Read More »