Oh lovely, it's already got 80+ integrations.
Let me give this one a try
#appsec #vulns #VulnMan #TechSky
Who controls the brakes on a train?
www.schneier.com/blog/archive...
#wireless #radio #train #hacks #vulns
Airoha Chip Vulns Put Sony, Bose Earbuds & Headphones at Risk
www.darkreading.com/vulnerabilit...
#Infosec #Security #Potatosecurity #CeptBiro #AirohaChip #Vulns #Sony #Bose #EarbudsAndHeadphones #Risk
~Cisa~
CISA released 22 ICS advisories on vulnerabilities & exploits; review for mitigations.
-
IOCs: (None identified)
-
#CISA #ICS #ThreatIntel #Vulns
comparison of fix SLA (14d) vs MTTR (67d)
Survey: 3/4 of orgs surveyed say their SLAs require #vulnerabilities to be fixed in 14 days.
Real data: Few meet this goal. The median time to resolution (MTTR) is 67 days for all #vulns found via #pentesting. #cybersecurity #infosec
See full report here: resource.cobalt.io/state-of-pen...
You leave for a quiet weekend, you come back, there have been 3 #leaks, 2 #firewall #vulns, there are 10 shady accounts sending you links in Twitter DMs, 40 unread emails and a strong urge to head off for another weekend
I think you really should trust your life with AI-chatbots. Give them everything: your name, address, passwords, children’s names, your sexual fetishes. It’s like so so so secure, there’s nothing to worry about.
www.wiz.io/blog/wiz-res...
#ai #cybersecurity #vulns
#deepseek #chatgpt
Managing #vulns in #cybersecurity is hard. VDP, Bug Bounty, SAST, SCA, Pentest, DAST, ...
My experience: Do a pentest first, maybe DAST, but move to VDP (or BugBounty) asap and run regular pentests. In parallel, embed SCA and SAST in your pipeline.
4di2.thrivecart.com/security-kic...
The first rule of IR: Do you have Fortinet, Ivanti or Aviatrix?
#fortinet #firewalls #zeroday #vulns
thehackernews.com/2025/01/zero...
Vendor reports proudly announce all our apps have #vulnerabilities
Breaking news: 100% of humans need oxygen.
The real question is how many of those #vulns matter?
But that would require actual analysis instead of fear marketing
Average enterprise
200k+ security findings
5+ security tools
3+ meetings per critical issue
Yet still getting breached through known #vulns
Time to admit the old way, forced by vendor workflows, just isn't working!
We need a #SecurityTransformation
#AppSec #CISO #CTO #cyber #InfoSec #CVE #SecOps
Shocking but true: Most 'critical' security alerts are for #vulns you can't actually patch
It's like having a smoke alarm that only detects fires in your neighbour's house
The shocking part is: you're their landlord, it's your house
#OpenSource
#SecOps #CISO #CTO #OSS #CVE #AppSec #DevSecOps #cyber
If your #vulnerability scanners keep finding the same issues in different places, you're treating symptoms instead of causes
Modern #AppSec requires systemic fixes, not endless patching
Evolve product security with #ThreatModelling and report on outcomes rather than #vulns
#VEX #DevSecOps #SecOps
Remember when we thought more security tools meant better security?
Now we're drowning in alerts while 62% of system intrusions still come through #vulns
Time to focus on outcomes, not #vulnerability discoveries
#InfoSec #cybersecurity #VEX
A screenshot of the video presentation that includes a slide showing common vulnerability management product reports as of 1999. These reports list vulnerabilities by severity and break down assets by operating system.
My keynote from CypherCon 7 is now online: 25 Years of Years of Vulnerability. Thanks again to Michael Goetzman and the whole @CypherCon crew for a warm welcome and an amazing event!
https://www.youtube.com/watch?v=qcyIyLrQGLg
#infosec #conference #vulns
I wrote a blog about ongoing exploitation of CVE-2023-22527, a Confluence vuln from January/2024. What the attacker's up to, what their payload does, etc. (TL;DR: it's crypto.. it seems like it's always crypto these days)
#cybersecurity #vulns #vulnerabilities #atlassian #confluence #poc #greynoise