< ciso
brief />
Tag Banner

All news with #vulnerability management tag

213 articles · page 10 of 11

Spike in Automated Botnet Attacks Targeting PHP, IoT

🔍 Cybersecurity researchers warn of a sharp rise in automated botnet campaigns targeting PHP servers, IoT devices, and cloud gateways. The Qualys Threat Research Unit says Mirai, Gafgyt, Mozi and similar botnets are exploiting known CVEs, misconfigurations and exposed secrets to recruit vulnerable systems. Attackers leverage active debug interfaces (for example using '/?XDEBUG_SESSION_START=phpstorm'), scan from cloud providers to mask origin, and turn compromised routers and DVRs into residential proxies. Recommended mitigations include prompt patching, removing development tools from production, securing secrets with AWS Secrets Manager or HashiCorp Vault, and restricting public cloud access.
read more →

Visibility Gaps in Patching and Vulnerability Remediation

🔍 Modern patch management demands centralized visibility, faster prioritization, and accountable remediation to close growing exposure gaps. The article highlights how legacy systems such as WSUS and SCCM struggle with mixed environments, remote endpoints, and third-party applications, producing inconsistent patch states and unnoticed failures. Action1 is presented as a cloud-native platform that inventories endpoints, maps missing updates to CVEs, automates targeted deployments and retries failures, and provides audit-ready reporting to unify security and IT workflows.
read more →

Rise in Attacks on PHP Servers, IoT and Cloud Gateways

🔒 Qualys' Threat Research Unit reports a sharp rise in attacks targeting PHP servers, IoT devices and cloud gateways, driven by botnets such as Mirai, Gafgyt and Mozi exploiting known CVEs and misconfigurations. Researchers highlight active exploitation of flaws like CVE-2022-47945 (ThinkPHP RCE), CVE-2021-3129 (Laravel Ignition) and aging test/debug artifacts such as CVE-2017-9841, while attackers also harvest exposed AWS credentials. Qualys urges continuous visibility, timely patching, removal of debugging tools in production and managed secret stores to reduce risk.
read more →

CISA Releases Three ICS Advisories on Schneider, Vertikal

🔔 CISA released three Industrial Control Systems (ICS) advisories addressing multiple vulnerabilities that may affect operational technology safety and availability. The advisories cover ICSA-25-301-01 Schneider Electric EcoStruxure, ICSMA-25-301-01 Vertikal Systems Hospital Manager Backend Services, and an update to ICSA-24-352-04 Schneider Electric Modicon (Update B). Administrators and asset owners should review the technical findings, assess exposure, and apply recommended mitigations promptly to reduce operational risk.
read more →

Exposure Management in 2025: Trends, Risks, and Response

🔒 Intruder’s 2025 Exposure Management Index analyzes scans from over 3,000 small and midsize businesses to show defenders adapting under mounting pressure. High-severity vulnerabilities rose nearly 20% year‑on‑year, even as 89% of resolved critical flaws were remediated within 30 days (up from 75% in 2024). The report highlights AI-driven exploit development, growing attack surfaces from cloud, shadow IT and supply‑chain risk, and faster remediation at smaller firms.
read more →

Pentera Resolve Aims to Close the Remediation Gap Now

🔧 Pentera today unveiled Pentera Resolve, a platform extension that embeds automated remediation workflows into security validation to bridge the persistent remediation gap. The product converts validated findings into tracked, auditable tickets routed to owners in tools like ServiceNow, Jira, and Slack. Powered by AI-driven triage and contextual enrichment, it aims to replace manual consolidation with a measurable, repeatable remediation loop of validate, remediate, and re-test.
read more →

ExPRT.AI: Predicting Which Vulnerabilities Will Be Exploited

🔍 ExPRT.AI, embedded in Falcon Exposure Management, leverages CrowdStrike threat intelligence and real-time telemetry to predict which vulnerabilities attackers are most likely to exploit. Instead of relying solely on static CVSS ratings, it evaluates adversary tradecraft, observed exploit activity, software prevalence, patch adoption, and attack complexity to produce a daily exploitability score. These explainable scores feed directly into Falcon workflows to accelerate triage, prioritize fixes by real-world risk, and reduce manual noise in vulnerability management.
read more →

CISA Adds Five Exploited Vulnerabilities to KEV Catalog

🔒 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The additions include CVE-2016-7836 (SKYSEA Client View), CVE-2025-6264 (Rapid7 Velociraptor), CVE-2025-24990 and CVE-2025-59230 (Microsoft Windows), and CVE-2025-47827 (IGEL OS). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the designated due dates; CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.
read more →

Many Users Still on Windows 10 Ahead of End‑of‑Life

⚠️ A significant proportion of users and organisations remain on Windows 10 just days before Microsoft ends support on October 14, meaning no more security or feature updates. Remote-access vendor TeamViewer reports over 40% of endpoints it recently supported still run the OS, while a Which? survey found 26% of UK users do not plan to upgrade and 11% are undecided. Experts warn this creates a cybersecurity and compliance 'cliff edge' that could expose systems to unpatched vulnerabilities and increased attacker activity.
read more →

Google DeepMind's CodeMender Automatically Patches Code

🛠️ Google’s DeepMind unveiled CodeMender, an AI agent that automatically detects, patches, and rewrites vulnerable code to remediate existing flaws and prevent future classes of vulnerabilities. Backed by Gemini Deep Think models and an LLM-based critique tool, it validates changes to reduce regressions and self-correct as needed. DeepMind says it has upstreamed 72 fixes to open-source projects so far and will engage maintainers for feedback to improve adoption and trust.
read more →

DeepMind's CodeMender: AI Agent to Fix Code Vulnerabilities

🔧 Google DeepMind has unveiled CodeMender, an autonomous agent built on Gemini Deep Think models that detects, debugs and patches complex software vulnerabilities. In the last six months it produced and submitted 72 security patches to open-source projects, including codebases up to 4.5 million lines. CodeMender pairs large-model reasoning with advanced program-analysis tooling — static and dynamic analysis, differential testing, fuzzing and SMT solvers — and a multi-agent critique process to validate fixes and avoid regressions. DeepMind says all patches are currently human-reviewed and it plans to expand maintainer outreach, release the tool to developers, and publish technical findings.
read more →

HackerOne Pays $81M in Bug Bounties, AI Flaws Surge

🛡️ HackerOne paid $81 million to white-hat hackers over the past 12 months, supporting more than 1,950 bug bounty programs and offering vulnerability disclosure, penetration testing, and code security services. The top 100 programs paid $51 million between July 1, 2024 and June 30, 2025, and the top 10 alone accounted for $21.6 million. AI-related vulnerabilities jumped over 200%, with prompt injection up 540%, while 70% of surveyed researchers reported using AI tools to improve hunting.
read more →

US Government Shutdown Threatens Federal Cybersecurity

⚠️ The US government shutdown will sharply reduce federal cybersecurity capacity, with CISA set to furlough approximately 1,651 of its 2,540 staff (about 65%), leaving only 889 employees, and NIST estimated to retain roughly 34% of its workforce. Core functions such as vulnerability management, guidance, the CVE program and website operations will be curtailed until appropriations resume. The pause raises immediate operational risks, complicates incident response and increases opportunities for threat actors and fraud.
read more →

CISOs Urged to Rethink Vulnerability Management amid Surge

⚠️ Enterprises face an unprecedented surge in disclosed vulnerabilities — over 20,000 in H1 2025 — with roughly 35% (6,992) accompanied by public exploit code, according to Flashpoint. Security leaders are urged to adopt risk-based patching and intelligence-led remediation that prioritizes remotely exploitable and actively exploited flaws while factoring in business context. Relying solely on CVE and the NVD is increasingly impractical due to enrichment delays; experts recommend integrating threat context, exposure management, and CTEM-style operations to concentrate limited resources on what truly matters.
read more →

Can AI Reliably Write Vulnerability Detection Checks?

🔍 Intruder’s security team tested whether large language models can write Nuclei vulnerability templates and found one-shot LLM prompts often produced invalid or weak checks. Using an agentic approach with Cursor—indexing a curated repo and applying rules—yielded outputs much closer to engineer-written templates. The current workflow uses standard prompts and rules so engineers can focus on validation and deeper research while AI handles repetitive tasks.
read more →

Amazon RDS for PostgreSQL Extended Support Updates

🔒 Amazon RDS for PostgreSQL now provides Extended Support minor versions 12.22-rds.20250814 and 11.22-rds.20250814, delivering critical security patches and bug fixes for affected instances. We recommend upgrading RDS instances to these releases to maintain security and performance. Extended Support offers up to three years of additional fixes after community support ends. Use automatic minor upgrades or RDS Blue/Green deployments to apply updates during maintenance windows.
read more →

Crash Tests for Security: Why BAS Is Essential in 2025

🛡️Breach and Attack Simulation (BAS) acts as a crash test for enterprise security, simulating real adversary behavior to reveal gaps that dashboards and compliance reports often miss. The Blue Report 2025 — based on 160 million adversary simulations — documents falling prevention rates, widespread blind spots in logging and alerting, and near-total failure to stop data exfiltration. By turning posture into validated performance, BAS helps CISOs prioritize remediation, reduce MTTR, and produce auditable evidence of resilience for boards and regulators.
read more →

Cyber Risk Assessments: Making CISO Efforts Visible

🛡️ Cyber Risk Assessments enable CISOs to quantify enterprise cyber risk and demonstrate the impact of security work. They uncover vulnerabilities across infrastructure, networks and cloud data, helping teams prioritize remediation and allocate resources where they matter most. Assessments also support compliance with regulations such as GDPR and PCI DSS, delivering actionable reports that document progress for management.
read more →

CTEM Focus: Prioritization and Validation in Practice

🔒 Continuous Threat Exposure Management (CTEM) reframes vulnerability work by centering on prioritization and validation instead of treating every scanner finding as equally urgent, helping teams stop chasing volume and start addressing exposures that actually endanger the business. Prioritization ranks issues by real business impact, while validation — via Adversarial Exposure Validation (AEV) technologies like breach and attack simulation and automated penetration testing — proves which gaps are exploitable. This converts assumptions into evidence and enables focused, continuous defense for dynamic environments.
read more →

AI Growth Fuels Surge in Hardware and API Vulnerabilities

🛡️ Bugcrowd's annual "Inside the Mind of a CISO 2025: Resilience in an AI-Accelerated World" report warns that rapid, AI-assisted development is expanding the attack surface and exposing foundational weaknesses. Published September 23, the study links faster release cycles to gaps in access control, data protection and hardware security, and highlights rising API and network vulnerabilities. It calls for continuous offensive testing and collective intelligence to mitigate escalating risks.
read more →