Last fall, we issued the final version of Binding Operational Directive (BOD 20-01), which was issued in support of the Office of Management and Budget M-20-32, “Improving Vulnerability Identification ...

A critical authentication bypass vulnerability in CrushFTP, identified as CVE-2025-31161, has been actively exploited by remote attackers following a mishandled disclosure process. The flaw, which ...

JetBrains, the maker of a continuous integration and delivery (CI/CD) server platform called TeamCity, and cyber security firm Rapid7 are trading blows over the handling of two serious vulnerabilities ...

A critical CrushFTP vulnerability now under exploitation in the wild has become mired in controversy and confusion. On March 31, the Shadowserver Foundation reported that exploitation activity was ...

Vulnerability fully resolved in SDK v5.2.1 five months prior to public disclosure; no exploitation in the wild confirmedSINGAPORE, April 15, 2026 (GLOBE NEWSWIRE) -- EngageLab, an AI-first customer ...

A flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and ...

Much similar to Citrix-Bleed, the information disclosure bug was identified within NetScaler devices configured as gateway or virtual servers. A critical vulnerability has been affecting a line of ...

Join our daily and weekly newsletters for the latest updates and exclusive content on industry-leading AI coverage. Learn More The latest Microsoft vulnerability added to CISA’s Known Exploited ...

Security researchers have been busy over the past year, earning more than $44.75 million in bounties for vulnerability disclosure. More organizations are adopting vulnerability disclosure programs ...

The State of Maryland has launched a cybersecurity initiative aimed at improving resilience and coordination across all levels of government. The Office of Security Management has rolled out a ...