%term

Mastering API Security Testing: Stop BOLA and the OWASP Top 10 Before Deployment

Jul 23, 2025 By Wallarm In Wallarm

APIs drive modern applications, but their increasing complexity leaves them vulnerable to attacks. How can you ensure robust API security? Join Wallarm’s webinar to discover how to tackle today’s toughest API security challenges with advanced API security testing strategies. In this webinar we will cover: Learn how Wallarm’s innovative solutions can help you identify vulnerabilities, implement reliable security measures, and streamline your API testing process. Gain actionable insights into tools, best practices, and strategies to protect your APIs effectively.

View Video

Wallarm

Read more about Mastering API Security Testing: Stop BOLA and the OWASP Top 10 Before Deployment

Seemplicity Launches AI-Driven Features to Eliminate Remediation Bottlenecks

Jul 22, 2025 By Seemplicity In Seemplicity

Seemplicity unveiled a major product release packed with AI-powered capabilities to cut through noise, facilitate fixing teams, and reduce time to remediation. This latest release introduces AI Insights, Detailed Remediation Steps, and Smart Tagging and Scoping, three new capabilities that use AI to solve some of the most painful and time-consuming cybersecurity tasks.

Read Post

Seemplicity

Read more about Seemplicity Launches AI-Driven Features to Eliminate Remediation Bottlenecks

ToolShell Threat Brief: SharePoint RCE Vulnerabilities (CVE-2025-53770 & 53771) Explained

Jul 22, 2025 By Emma Stevens In BitSight

A serious new vulnerability (CVE-2025-53770, also known as “ToolShell”) is actively being exploited by cybercriminals to hack into on-premises Microsoft SharePoint Servers. The vulnerability, along with CVE-2025-53771 was discovered around July 18, 2025. Bitsight Research classifies CVE-2025-53770 as 10 out of 10 on our Dynamic Vulnerability Exploit (DVE) scale and CVE-2025-53771 as a 5.82 out of 10 indicating severe and moderate urgency respectively.

Read Post

BitSight

Read more about ToolShell Threat Brief: SharePoint RCE Vulnerabilities (CVE-2025-53770 & 53771) Explained

Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

Jul 22, 2025 By Jin-Hee Lee In Cloudflare

On July 19, 2025, Microsoft disclosed CVE-2025-53770, a critical zero-day Remote Code Execution (RCE) vulnerability. Assigned a CVSS 3.1 base score of 9.8 (Critical), the vulnerability affects SharePoint Server 2016, 2019, and the Subscription Edition, along with unsupported 2010 and 2013 versions. Cloudflare’s WAF Managed Rules now includes 2 emergency releases that mitigate these vulnerabilities for WAF customers.

Read Post

Cloudflare

Read more about Cloudflare protects against critical SharePoint vulnerability, CVE-2025-53770

Seemplicity Feature Release Announcement - July 2025

Jul 22, 2025 By Kevin Swan In Seemplicity

We’re excited to announce a major Seemplicity release packed with new AI-driven features that help you fix faster, prioritize better, and streamline remediation at scale. This release introduces breakthrough capabilities that reduce noise, provide clarity, and eliminate bottlenecks between identifying risks and resolving them.

Read Post

Seemplicity

Read more about Seemplicity Feature Release Announcement - July 2025

Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware

Jul 22, 2025 By Liran Tal In Snyk

Starting on July 19th, 2025, an npm supply chain security incident has been attacking maintainers of popular open-source npm packages on the npm registry.

Read Post

Snyk

Read more about Maintainers of ESLint Prettier Plugin Attacked via npm Supply Chain Malware

Nucleus MCP Integration: Scaling Risk Reduction with AI-Driven Insights

Jul 22, 2025 By Rob Gibson In Nucleus

Today, we’re excited to announce a preview of the Model Context Protocol (MCP) Server for Nucleus. This marks an important step towards AI-native workflows for vulnerability and exposure management. Model Context Protocol (MCP) is an emerging industry standard enabling seamless integration between enterprise applications and AI models. Backed by leading organizations like OpenAI, Microsoft, and Google, MCP servers are quickly becoming the foundation for AI-enablement across the enterprise.

Read Post

Nucleus

Read more about Nucleus MCP Integration: Scaling Risk Reduction with AI-Driven Insights

Cursor IDE Malware Extension Compromise in $500k Crypto Heist

Jul 21, 2025 By Liran Tal In Snyk

Cursor IDE, as many are aware, is a fork of the open source and popular VS Code IDE project from Microsoft. Similarly to VS Code, Cursor has support for IDE extensions, which prompts many developers to migrate over with their favorite extensions and long-lived workflows, shortcuts, themes, and other configurations. Back in May 2021, Snyk’s Security Labs conducted research that uncovered VS Code extensions vulnerable to insecure code patterns.

Read Post

Snyk

Read more about Cursor IDE Malware Extension Compromise in $500k Crypto Heist

From Hype to Trust: Building the Foundations of Secure AI Development

Jul 21, 2025 By Manoj Nair In Snyk

Generative AI and Agentic AI are changing everything from who writes software to how we define secure architecture. At Snyk’s recent Lighthouse event in NYC, leaders from cloud, security, and development teams came together to answer one essential question: how do we move fast with AI without breaking trust? The answer? Start with visibility, bake in security by design, and never lose sight of the humans behind the code.

Read Post

Snyk

Read more about From Hype to Trust: Building the Foundations of Secure AI Development

CVE-2025-53770: Widespread Exploitation of ToolShell RCE Vulnerability Observed in Microsoft SharePoint On-Premises

Jul 21, 2025 By Andres Ramos In Arctic Wolf

On July 19, 2025, Microsoft disclosed active exploitation of a zero-day vulnerability (CVE-2025-53770) affecting on-premises SharePoint Server instances. Originally, no patch was available for this vulnerability, but fixes were released late on the evening of July 20. CVE-2025-53770 is caused by the deserialization of untrusted data, allowing unauthenticated threat actors to execute code remotely over the network.

Read Post