A critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion. On March 31, the Shadowserver Foundation reported that exploitation activity was ...

The State of Maryland has launched a cybersecurity initiative aimed at improving resilience and coordination across all levels of government. The Office of Security Management has rolled out a ...

Vulnerabilities are lurking everywhere, like hidden landmines in the digital landscape waiting to be stepped on. As technology advances, so does the rate of vulnerability disclosures and the speed ...

Research in information security, risk management and investment has grown in importance over the last few years. However, without reliable estimates on attack probabilities, risk management is ...

The Homeland Security Department is seeking feedback on an enterprisewide vulnerability disclosure program that will make it easier for the public to report weaknesses in the agency’s IT ...

In 2023, there were more than 23,000 vulnerabilities discovered and disclosed. While not all of them had associated exploits, it has become more and more common for there to be a proverbial race to ...

The UK’s financial regulators have scrapped plans to mandate that “critical third party” (CTP) organizations disclose new software vulnerabilities to them. The decision was taken in response to ...

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and ...

The Department of Defense Cyber Crime Center, known as the DC3, is expanding to address the increase in cyber attacks and vulnerabilities. The DC3’s Vulnerability Disclosure Program is expanding ...

Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today announced it is building on the company’s long-standing commitment to responsible ...

Jointly developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), ISO/IEC 29147 and ISO/IEC 30111 provide a structured framework ...

The European Union Agency for Cybersecurity (Enisa) has debuted a European Union Vulnerability Database (EUVD) to provide “aggregated, reliable and actionable” information on newly disclosed cyber ...