%term

Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Jan 23, 2025 By Ben Desjardins In Snyk

It’s been over a decade since DevSecOps was introduced as a transformative approach to software development, but adoption remains uneven. Despite its promise of seamless integration between development, security, and operations, only 38% of organizations report fully automating the addition of new projects, branches, or repositories into their security testing queues.

Read Post

Snyk

Read more about Reviving DevSecOps: How Snyk's new framework builds trust and collaboration

Taking a Threat Adapted Approach to Vulnerability Management

Jan 22, 2025 By Chris Jacob, VP and Will Baxter, Security Engineer In ThreatQuotient

As cyber threats continue to grow in complexity and frequency, vulnerability management requires more than just patching systems; it demands a dynamic, threat-adapted approach. As part of Cyber Rhino Threat Week (9-13th of December 2024) which aimed to inform, sharing threat intelligence insights and best practices with our customers, partners and industry ecosystem, we held a session that explored how integrating Threat Intelligence into Vulnerability Management can transform the way organisations prioritise and respond to risks.

Read Post

ThreatQuotient

Read more about Taking a Threat Adapted Approach to Vulnerability Management

How to create a new GitHub repository

Jan 22, 2025 By Snyk In Snyk

Watch the full video linked below for more...

View Video

Snyk

Read more about How to create a new GitHub repository

Understanding the EU's Cyber Resilience Act (CRA)

Jan 22, 2025 By Ben Desjardins In Snyk

The Cyber Resilience Act (CRA) introduces a much-needed framework for standardizing the cybersecurity practices of companies operating in the European Union (EU). The regulation sets clear expectations for hardware and software manufacturers, developers, and distributors, outlining how they should manage and address vulnerabilities at every stage of the product lifecycle.

Read Post

Snyk

Read more about Understanding the EU's Cyber Resilience Act (CRA)

Check out our latest podcast episode, featuring Sam Stepanyan, Global Board Member at OWASP!

Jan 22, 2025 By Netacea In Netacea

#Cybersecurity #podcast #onlinesecurity

View Video

Netacea

Read more about Check out our latest podcast episode, featuring Sam Stepanyan, Global Board Member at OWASP!

Stop Demonizing CVSS: Fix the Real Problem

Jan 22, 2025 By Scott Kuffer In Nucleus

If you read the newest risk-based vulnerability management literature, it appears we have a new favorite punching bag: the Common Vulnerability Scoring System (CVSS). You seemingly can’t throw a rock into the “vuln-o-sphere” without hitting someone dunking on CVSS or the National Vulnerability Database (NVD). The argument goes something like this: “Exploitation rates are up, ransomware is surging, and vulnerabilities are multiplying like rabbits.

Read Post

Nucleus

Read more about Stop Demonizing CVSS: Fix the Real Problem

The Ultimate Guide to Building and Publishing Modern npm Packages (PART 1)

Jan 20, 2025 By Snyk In Snyk

In this video, we’ll walk you through the process of creating a modern npm package from scratch. Whether you're a seasoned developer or just starting out, this step-by-step guide will show you how to build, test, and publish an npm package.

View Video

Snyk

Read more about The Ultimate Guide to Building and Publishing Modern npm Packages (PART 1)

Microsoft Corporation Latest Security Update on Actively Exploited Zero-Day Flaws for Safer Digital Operations

Jan 17, 2025 By Foresiet In Foresiet

Organizations need to be watchful and vigilant with their cyber space because cyber threats keep on evolving. And, in fact, urgency is provided by the security update of January 2025 from Microsoft, which patches at least 161 vulnerabilities, including three zero-day flaws actively exploited in the wild.

Read Post

Foresiet

Read more about Microsoft Corporation Latest Security Update on Actively Exploited Zero-Day Flaws for Safer Digital Operations

Fortinet Discloses Active Exploitation of Critical Zero-Day Vulnerability: CVE-2024-55591

Jan 17, 2025 By Kroll In Kroll

Note: These vulnerabilities remain under active exploitation and Kroll experts are investigating. If further details are uncovered by our team, updates will be made to the Kroll Cyber Risk blog. A critical authentication bypass vulnerability (CWE-288) affecting FortiOS and FortiProxy (FG-IR-24-535) allows remote attackers to obtain super admin privileges via Node.js WebSocket traffic.

Read Post

Kroll

Read more about Fortinet Discloses Active Exploitation of Critical Zero-Day Vulnerability: CVE-2024-55591

ConVErsations: Criminal Discussion of Vulnerabilities and Exploits

Jan 17, 2025 By Jovana Macakanja In CYJAX

Defenders often discuss security vulnerabilities on GitHub, Stack overflow, X (formerly Twitter), and other platforms to share knowledge of these threats and ensure users know when patches are available. Cybercriminals have a similar process, choosing to share vulnerability news, exploit code, and engage in technical discussions on cybercriminal forums. However, in contrast to defenders, these threat actors share this knowledge for the purpose finding unpatched systems and exploiting them.

Read Post