The National Vulnerability Database announced that a popular Google Analytics WordPress plugin installed in over 3 million was discovered to contain a Stored Cross-Site...
A public effort to create a way of predicting the exploitation of vulnerabilities announced a new machine learning model that improves its prediction capabilities...
Many vulnerabilities that ransomware operators used in 2022 attacks were years old and paved the way for the attackers to establish persistence and move...
Developers, security professionals, and investors all find something to like about Snyk and its developer security platform, which helps organizations mitigate their risk of...
Back in November 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) published the Known Exploited Vulnerabilities (KEV) Catalog to help federal agencies and...
Securing the software supply chain is an increasingly complex and time-consuming challenge for enterprises. To help developers find vulnerability data for open source components,...
In many cases, once a high-risk security vulnerability has been identified in a product, a bigger challenge emerges: how to identify the affected component...
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) to prioritize software patching, you are doing it wrong.
In the wake of WannaCry and its ilk, the National Vulnerability Database arose to help security organizations track and prioritize vulnerabilities to patch. Part 1 of 3.