%term

CVE-2025-59287 WSUS Vulnerability: Exploitation, Defense & Detection Explained

Feb 6, 2026 By Fidelis Security In Fidelis Security

CVE-2025-59287 turns WSUS (Windows Server Update Services) into a high-value attack surface—and attackers are already abusing it. In this video, we break down how CVE-2025-59287 is exploited, what defenders should look for, and how to mitigate and detect attacks before damage spreads across your environment. What you’ll learn in this video: How attackers scan exposed WSUS servers on ports 8530 and 8531.

View Video

Fidelis Security

Read more about CVE-2025-59287 WSUS Vulnerability: Exploitation, Defense & Detection Explained

What are OWASP Secure Coding Practices? Top 10 Web App Security Vulnerabilities 2021 vs 2025

Feb 5, 2026 By SignMyCode In SignMyCode

OWASP (Open Web Application Security Project) is a non-profit organisation that has been in existence since 2001. Its mission is to educate (provide direction) webmasters and security professionals about how to create, buy, and keep secure, trusted software applications.” In simple terms, OWASP is a group of application security companies and experts that work collectively to develop a list of the most serious security threats to web applications.

Read Post

SignMyCode

Read more about What are OWASP Secure Coding Practices? Top 10 Web App Security Vulnerabilities 2021 vs 2025

Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise

Feb 5, 2026 By Luca Beurer-Kellner In Snyk

The first comprehensive security audit of the Agent Skills ecosystem reveals malware, credential theft, and prompt injection attacks targeting OpenClaw, Claude Code, and Cursor users Agent skills are reusable capability packages that instruct AI agents how to interact with tools, APIs, or system resources—and they're rapidly becoming standard in AI-powered development.

Read Post

Snyk

Read more about Snyk Finds Prompt Injection in 36%, 1467 Malicious Payloads in a ToxicSkills Study of Agent Skills Supply Chain Compromise

280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII

Feb 5, 2026 By Luca Beurer-Kellner In Snyk

On Monday, February 3rd, Snyk Staff Senior Engineer Luca Beurer-Kellner and Senior Incubation Engineer Hemang Sarkar uncovered a massive systemic vulnerability in the ClawHub ecosystem (clawhub.ai). Unlike the malware campaign we reported yesterday involving specific malicious actors, this new finding reveals a broader, perhaps more dangerous trend: widespread insecurity by design. In this write-up, Snyk is presenting Leaky Skills - uncovering exposed and insecure credentials usage in Agent Skills.

Read Post

Snyk

Read more about 280+ Leaky Skills: How OpenClaw & ClawHub Are Exposing API Keys and PII

Lessons From 2025: Zero-Day Exploitation Shaping 2026

Feb 5, 2026 By Lydia Atienza In Outpost 24

Zero-day exploits were among the defining cyber threats of 2025, with high-severity flaws affecting platforms such as React2Shell, Oracle E-Business Suite (EBS), and CitrixBleed 2 highlighting how quickly zero-days can be weaponized and how damaging they can be. To help organizations understand the zero-day threat landscape, Outpost24’s threat intelligence team has compiled a review of the vulnerabilities they encountered in the wild throughout 2025.

Read Post

Outpost 24

Read more about Lessons From 2025: Zero-Day Exploitation Shaping 2026

Context-Driven Security: CTEM as a Necessity for Cybersecurity

Feb 5, 2026 By Nucleus Security In Nucleus

Nucleus Security's Adam Dudley talks about the platform's place in a highly functioning CTEM approach during a joint webinar with Cycode and HackerOne.

View Video

Nucleus

Read more about Context-Driven Security: CTEM as a Necessity for Cybersecurity

Internet Exposure and Vulnerability Risk: Why Reachability Changes Everything

Feb 5, 2026 By Nucleus Security In Nucleus

In this conversation, Ryan Cribelar, R&D Engineer at Nucleus Security, breaks down why internet exposure is one of the most important layers of context in vulnerability and exposure management. Security teams are flooded with vulnerability data, but not every finding carries the same level of risk. As Ryan explains, whether a vulnerability is reachable from the internet can dramatically change how urgent it really is. Internet exposure shortens the path from discovery to exploitation and often determines whether a vulnerability is theoretical or immediately actionable.

View Video

Nucleus

Read more about Internet Exposure and Vulnerability Risk: Why Reachability Changes Everything

Ten threats traditional Antivirus misses (and Next-Gen AV doesn't)

Feb 4, 2026 By Manish Mandal In ManageEngine

The cybersecurity arena is rapidly shifting and CISOs are locked in a relentless struggle against adversaries who rarely reveal themselves. Traditional antivirus (AV) solutions, which has been the primary shield (and still is for many companies) has reached its 'End of life'. The reason is clear: signature-based protection simply isn't enough anymore.

Read Post

ManageEngine

Read more about Ten threats traditional Antivirus misses (and Next-Gen AV doesn't)

Disclosure: SupportCandy Ticket Attachment IDOR (CVE-2026-1251)

Feb 4, 2026 By Theklis Stefani In Sentrium

During independent security research conducted as part of the Wordfence Bug Bounty Program, we identified a broken access control vulnerability in the SupportCandy plugin for WordPress. SupportCandy is a helpdesk and customer support ticketing plugin that enables organisations to manage user-submitted support requests directly within their WordPress environment, including the ability to upload files and exchange attachments through ticket replies.

Read Post