Day: May 9, 2025

The Vulnerability Treadmill
The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct

The FBI has detected indicators of malware targeting end-of-life routers associated with Anyproxy and 5Socks proxy services

PowerSchool said its customers had been hit by new extortion demands using data stolen in a previous attack, despite attacker claims the data had been deleted

Google on Thursday announced it’s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android.
The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.
“The on-device approach provides instant insight on risky websites and allows us to offer

A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.
Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.
CVE-2025-31324 refers to a critical SAP NetWeaver flaw

Apache ActiveMQ 6.1.6 – Denial of Service (DOS)

SureTriggers OttoKit Plugin 1.0.82 – Privilege Escalation

WordPress Depicter Plugin 3.6.1 – SQL Injection

VirtualBox 7.0.16 – Privilege Escalation