Hosted on MSN

Security’s blind spot: the problem with taking CVE scores at face value

The modern software supply chain is operating under unprecedented pressure as new vulnerabilities emerge at a record pace. In 2024 alone, more than 33,000 new Common Vulnerabilities and Exposures ...
The Hacker News

New MongoDB Flaw Lets Unauthenticated Attackers Read Uninitialized Memory

High-severity CVE-2025-14847 allows unauthenticated attackers to read uninitialized heap memory in MongoDB due to a zlib ...
Infosecurity-magazine.com

Navigating the Vulnerability Maze: Understanding CVE, CWE, and CVSS

The Forum of Incident Response and Security Teams (FIRST) officially launched the fourth version of the Common Vulnerability Scoring System (CVSS 4.0), in November 2023. CVSS 4.0, the industry ...
The Hacker News

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

A critical LangChain Core vulnerability (CVE-2025-68664, CVSS 9.3) allows secret theft and prompt injection through unsafe ...
Infosecurity Magazine

Five Key Flaws Exploited in 2025's Major Software Supply Chain Incidents

Infosecurity has selected five of the most significant vulnerability exploitation campaigns of 2025 that led to major ...
SiliconANGLE

Critical Atlassian Confluence flaw with vulnerability score of 10 draws federal warning

The U.S. Cybersecurity and Infrastructure Agency, the Federal Bureau of Investigation and the Multi-State Information Sharing and Analysis Center today released a Cybersecurity Advisory over a ...
SecurityWeek

SonicWall Patches Exploited SMA 1000 Zero-Day

Threat actors are chaining CVE-2025-40602, a fresh SonicWall zero-day, with CVE-2025-23006 for unauthenticated remote code ...