Security vulnerabilities stories

Armis launches free Vulnerability Intelligence Database to help security teams anticipate and tackle cyber threats with real-time, AI-driven insights.

The Cloud Native Computing Foundation has awarded its highest maturity status to in-toto, a security framework ensuring integrity in software development workflows.

Perforce Software updates Puppet Enterprise Advanced to accelerate vulnerability fixes and boost collaboration amid rising cyber threats and AI-driven attacks.

Cycode launches AI Teammates and CI/MON runtime protection to enhance software supply chain security and threat detection in application security.

Tenable Research revealed a privilege escalation flaw in Google Cloud Composer, risking unauthorised access to key cloud resources before Google's fix.

Socket has acquired cybersecurity startup Coana to enhance its supply chain security platform, cutting false positives by up to 80% for faster threat remediation.

Lasso has unveiled its MCP Gateway, the first security tool tailored for Model Context Protocol, aiming to bolster safety in generative AI workflows.

Cobalt's 2025 State of Pentesting Report reveals that 31% of serious security vulnerabilities remain unaddressed, despite 81% of leaders' confidence in their security.

Australian organisations face rising cyber threats bypassing MFA, prompting a shift to passwordless authentication and a AUD $288.1 million government security boost.

Microsoft's recent Patch Tuesday sparked scrutiny with a 40-minute delay in updates and notable vulnerabilities, including a critical zero-day in the CLFS Driver.

Black Talon Security has elevated Paul Murphy to Chief Growth Officer, aiming to boost strategies and partnerships in the dental and healthcare sectors.

Team82 has unveiled an open-source debugger aimed at simplifying the analysis of Windows CE applications, crucial for security researchers in legacy environments.

The UK government has unveiled the Cyber Security and Resilience Bill, aiming to bolster protections for critical infrastructure against rising cyber threats.

Research by CYFOX has uncovered critical vulnerabilities in smart TVs that threaten corporate networks, highlighting a broader industry security concern.

A recent cyber attack has compromised over 23,000 GitHub repositories, raising alarms over software supply chain security and the exploitation of trusted components.

A malicious commit in the tj-actions/changed-files GitHub Action, used in over 23,000 repositories, threatens software security across numerous CI pipelines.

Tenable Research has raised alarms over security vulnerabilities in the generative AI model DeepSeek R1, warning it could simplify malware creation.

Nozomi Networks has been ranked third in Fast Company's World’s Most Innovative Companies 2025 for its pivotal work in securing critical infrastructure from cyber threats.

JFrog has incorporated NVIDIA NIM microservices into its Software Supply Chain Platform, enhancing secure AI model deployment and streamlining enterprise solutions.

A recent SANS Institute and OPSWAT report reveals serious shortcomings in ICS/OT cybersecurity budgets, with over half of organisations experiencing security incidents last year.