%term

What Is FedRAMP Vulnerability Scanning? Requirements, Tools & Best Practices

Jun 30, 2025 By Keshav Malik In Astra

For any cloud service provider (CSP) aiming to work with the U.S. federal government, understanding the Federal Risk and Authorization Management Program (FedRAMP) is due diligence. This government-wide initiative standardizes the assessment, authorization, and monitoring of cloud products for security.

Read Post

Astra

Read more about What Is FedRAMP Vulnerability Scanning? Requirements, Tools & Best Practices

Gemini 2.5 fixed a major security flaw - but missed these

Jun 29, 2025 By Snyk In Snyk

Gemini 2.5 fixed a major security flaw — but missed these.

View Video

Snyk

Read more about Gemini 2.5 fixed a major security flaw - but missed these

Vulnerability Management Metrics and KPIs: What to Track and Why It Matters

Jun 27, 2025 By Vinugayathri Chinnasamy In Indusface

Vulnerability management is not just about spotting weaknesses. It is about fixing them effectively and staying ahead of attackers. And the urgency has never been clearer: the 2025 Verizon DBIR shows a 34% increase in attackers exploiting vulnerabilities to gain initial access and cause breaches compared to last year’s report. So, how can you be sure you are on the right track? Are you reducing risk efficiently? Are critical vulnerabilities being remediated before they are exploited?

Read Post

Indusface

Read more about Vulnerability Management Metrics and KPIs: What to Track and Why It Matters

AI stopped using this outdated security package

Jun 27, 2025 By Snyk In Snyk

AI stopped using this outdated security package.

View Video

Snyk

Read more about AI stopped using this outdated security package

A 101 Guide to GDPR Vulnerability Assessment

Jun 27, 2025 By Keshav Malik In Astra

The GDPR has compelled a shift in how companies manage personal data. At the heart of GDPR is the requirement to safeguard customer data from unauthorized access, loss, or alteration. GDPR vulnerability assessment is a basic requirement, whether you’re based in the EU or not. If you process the data of EU residents, this assessment isn’t optional.

Read Post

Astra

Read more about A 101 Guide to GDPR Vulnerability Assessment

CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

Jun 26, 2025 By Andres Ramos In Arctic Wolf

On June 25, 2025, Cisco released patches for two maximum-severity vulnerabilities in Cisco Identity Services Engine (ISE) and ISE-Passive Identity Connector (ISE-PIC). Both flaws allow unauthenticated, remote threat actors to execute commands on the underlying operating system with root privileges via exposed HTTPS APIs. Although similar in outcome, the vulnerabilities are independent and do not require each other to be exploited.

Read Post

Arctic Wolf

Read more about CVE-2025-20281 & CVE-2025-20282: Maximum Severity Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

When your Snyk scan returns NOTHING (and how to fix it)

Jun 26, 2025 By Snyk In Snyk

When your Snyk scan returns NOTHING (and how to fix it)

View Video

Snyk

Read more about When your Snyk scan returns NOTHING (and how to fix it)

Operationalizing the OWASP AI Testing Guide with GitGuardian: Building Secure AI Foundations Through NHI Governance

Jun 26, 2025 By Dwayne McDaniel In GitGuardian

Align your AI pipelines with OWASP AI Testing principles using GitGuardian’s identity-based insights to monitor, enforce, and audit secrets and token usage.

Read Post

GitGuardian

Read more about Operationalizing the OWASP AI Testing Guide with GitGuardian: Building Secure AI Foundations Through NHI Governance

Software Security: Treat Vulnerabilities Like Regular Bugs! #cybersecurity #softwaresecurity

Jun 26, 2025 By Mend In Mend

Mend.io, formerly known as Whitesource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open source and custom code, and open-source license risks.

View Video

Mend

Read more about Software Security: Treat Vulnerabilities Like Regular Bugs! #cybersecurity #softwaresecurity

Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities

Jun 26, 2025 By Wallarm In Wallarm

AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matters. It’s no longer enough to merely patch known flaws; security teams must now contend with intelligent, adaptive attacks that evolve as fast as the technology they target.

Read Post