Most critical vulnerabilities aren’t worth your attention
Web applications face a wide range of risks, including known-exploitable vulnerabilities, supply chain attacks, and insecure identity configurations in CI/CD, according to the Datadog State…
Category: HelpnetSecurity
Week in review: MITRE ATT&CK v17.0 released, PoC for Erlang/OTP SSH bug is public
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Released: MITRE ATT&CK v17.0, now with ESXi attack TTPsMITRE has…
Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
Researchers have uncovered three serious vulnerabilities in Rack, a server interface used by most Ruby web app frameworks (Ruby on Rails, Sinatra, Hanami, Roda, and…
LastPass Secure Access Experiences simplifies access management
As cloud app adoption continues to rise, and the modern workplace continues to evolve, LastPass will introduce a new approach to democratize access management. Built…
BreachLock AEV simulates Real attacks to validate and prioritize exposures
BreachLock AEV automates multistep, threat-intelligence-led attack scenarios—helping security teams uncover real exposures and prioritize what matters most. Going beyond just showing security teams their risk,…
Dashlane introduces Omnix for AI-powered credential protection
Dashlane unveiled a new approach to addressing human risk in response to the rise of AI-driven phishing attacks and shadow IT in corporate environments. Built…
Top must-visit companies at RSAC 2025
RSAC 2025 Conference is taking place at the Moscone Center in San Francisco from April 28 – May 1. With hundreds of booths, countless product…
Exposure validation emerges as critical cyber defense component
Organizations have implemented various aspects of threat exposure validation, including security control validation (51%) and filtering threat exposures based on the effectiveness of security controls…
Flexible working models fuel surge in device theft
76% of respondents have been impacted by incidents of device theft in the past two years, with incidents more common in organizations with more flexible…
13 core principles to strengthen AI cybersecurity
The new ETSI TS 104 223 specification for securing AI provides reliable and actionable cybersecurity guidance aimed at protecting end users. Adopting a whole-lifecycle approach,…
New infosec products of the week: April 25, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitdefender, PowerDMARC, Skyhawk Security, Stellar Cyber, Swimlane, and Veracode. Email…
AVX ONE PQC Tool delivers crypto inventory, risk insights, and readiness scoring
AppViewX has announced the launch of the AVX ONE Post-Quantum Cryptography (PQC) Assessment Tool that generates a Cryptographic Bill of Materials and PQC readiness score.…