Aggregator

A critical memory overflow vulnerability in NetScaler ADC and Gateway products could enable denial-of-service attacks. Exploits of this vulnerability have already been observed in the wild. The vulnerability, tracked as CVE-2025-6543, carries a CVSS v4.0 base score of 9.2, classifying it as critical severity. This memory overflow flaw stems from improper restriction of operations within […]

The post New ‘CitrixBleed2’ NetScaler ADC and Gateway Vulnerability Actively Exploited in the Wild appeared first on Cyber Security News.

A vulnerability classified as problematic has been found in SeedDMS 6.0.32. This affects an unknown part of the component Document Name Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-45754. It is possible to initiate the attack remotely. There is no exploit available.

Voice Analytics Firm to Expand Footprint in Finance, Defense and Insurance
Clearspeed will use its $60 million raise to build out teams and technology as it scales its AI-powered voice screening platform across finance, insurance and security sectors. CEO Alex Martin said the firm aims to double revenue and push into conservative sectors seeking AI-powered trust solutions.

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra ID
A flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.

Gartner Says Leaders Should Balance AI Innovation With Strong Data Governance
As AI adoption grows, Gartner warns that data governance, not technology, is the top hurdle. At the Mumbai summit, Gartner analysts said data and analytics leaders should shift from fear to trust, align with business goals and scale AI through practical governance.

We’re building AI agents where logic and reasoning are handled by OpenAI’s Agents SDK, and execution happens across Cloudflare's global network via Cloudflare’s Agents SDK.

Malicious actors are exploiting AI-fabricated software components — presenting a major challenge for securing software supply chains.

Пока что телескопы бессильны в загадках прошлого. Но учёные нашли другой выход…

A vulnerability was found in YaBB 1.5.4/1.5.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file post.php. The manipulation of the argument quote leads to sql injection. This vulnerability is known as CVE-2004-0291. The attack can be launched remotely. Furthermore, there is an exploit available.

The United States has become a popular target for hacktivist groups in the escalating Israel-Iran conflict, following U.S. attacks on Iranian nuclear sites on June 21, 2025. Several pro-Iranian hacktivist collectives, including Mr Hamza, Team 313, Cyber Jihad, and Keymous+, have claimed responsibility for a series of Distributed Denial of Service (DDoS) attacks targeting U.S. […]

The post Hacktivist Groups Target U.S. Companies and Military Domains in Retaliation for Iran Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Tines announced autonomous AI capabilities within its workflow automation platform via the launch of agents. Agents mark a significant evolution in Tines’ platform, enabling customers to automate workflows with maximum control and flexibility, whether with deterministic logic, human-in-the-loop copilots, or full AI autonomy. Agents enable Tines customers to build intelligent, context-aware workflows that can act independently, suggest next steps, and collaborate with users in real time. The addition of agents allows customers to choose the … More →

The post Tines allows teams to choose the right AI level for any workflow appeared first on Help Net Security.

A vulnerability was found in Php.html kandalf upper 0.1. It has been rated as critical. This issue affects some unknown processing of the file upper.php of the component File Upload. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2009-4451. The attack may be initiated remotely. Furthermore, there is an exploit available.

Cybersecurity researchers have detailed two now-patched security flaws in SAP Graphical User Interface (GUI) for Windows and Java that, if successfully exploited, could have enabled attackers to access sensitive information under certain conditions. The vulnerabilities, tracked as CVE-2025-0055 and CVE-2025-0056 (CVSS scores: 6.0), were patched by SAP as part of its monthly updates for January

Tenable One empowers security teams to go beyond surface-level risk tracking and drive measurable improvements across their security programs. With unified visibility and customizable dashboards, Tenable One makes it easy to monitor the KPIs that matter most, helping teams shift from reactive firefighting to proactive, strategic exposure management.

The importance of KPIs in exposure management

Effective exposure management isn't just about identifying risks — it's about continuously measuring and reducing real exposure. Key performance indicators (KPIs) provide security teams with critical visibility into program effectiveness, helping them prioritize actions, monitor progress and ensure alignment with broader business objectives.

In this blog, we’ll highlight the top KPIs Tenable One customers track to reduce risk, accelerate remediation and demonstrate impact to stakeholders.

Essential KPIs for effective exposure management1. SLA performance metrics

Tracking service level agreement (SLA) performance is crucial for understanding how consistently your organization meets its remediation targets. This provides insight into whether your security team is keeping pace with exposure management commitments or if risk is accumulating across specific asset groups.

• SLA Compliant Assets Over Time: This metric offers visibility into how well your organization is meeting its remediation goals. It highlights which areas are effectively keeping up with exposure resolution and where unresolved risks may be building up.
   

  Tenable One dashboard widget 

• Top Critical and High Detections by Number of Findings Exceeding SLA: These metrics highlight growing technical debt — findings that remain unresolved beyond their expected timelines, increasing your organization's risk exposure. Consistent tracking allows for early detection of bottlenecks, ownership gaps, or resource constraints before they lead to larger, more challenging risks. By tracking findings approaching SLA, teams gain a proactive view, enabling them to act on critical assets — either through remediation or mitigation – before SLA breaches occur.

  Tenable One dashboard widget 

Monitoring trends in these KPIs allows organizations to identify periods of declining compliance and pinpoint areas requiring immediate attention.

2. Risk posture and exposure trends 

A holistic understanding of your organization's risk posture and evolution over time is fundamental to strategic exposure management. 

• Cyber Exposure Score (CES) Over Time: This metric provides a high-level view of your organization’s total risk exposure. It aggregates risk across all assets, reflecting how the attack surface evolves and whether remediation efforts are effectively reducing overall risk. Monitoring CES trends helps your security team understand the direction of their risk posture — whether it's improving, plateauing, or worsening — and serves as a strategic signal for leadership.

  Tenable One dashboard widget 

• Assets Exposure Score by Exposure Category (VM, OT, Cloud, etc.): This metric allows you to compare risk posture across different technology stacks, prioritize remediation efforts and allocate resources to areas with the highest average exposure.

  Tenable One dashboard widget

• CES Exposure Score by Exposure Category and Asset Type: This metric helps identify whether specific asset types within a category disproportionately contribute to cumulative risk, facilitating precise action and enabling data-driven decisions on resource allocation.

  Tenable One dashboard widget

Tracking these metrics enables data-driven decisions on resource allocation. It allows for drill-downs into contributing assets and exposure categories, ensuring your efforts are always aligned with the most critical risks.

3. Remediation KPIs

Effective remediation tracking is critical to ensuring weaknesses are not merely detected but addressed promptly and consistently. This category of KPIs focuses on measuring the efficiency of vulnerability resolution, tracking how long issues remain open and identifying potential delays or regressions.

• Findings by State Over Time: This metric illustrates the progression of findings through "Active," "Fixed," and "Resurfaced" states over time. It offers visibility into remediation volume, closure rates and recurring issues. A steady increase in resurfaced findings can indicate incomplete fixes or recurring vulnerabilities due to configuration drift or asset churn.

  Tenable One Dashboard Widget

• Findings Age by Severity: This metric highlights which high-severity issues are aging without resolution, serving as a key risk indicator tied to SLA adherence.

  Tenable One dashboard widget 

• Average Remediation Days by Asset Type: This metric helps uncover which teams or environments take longer to remediate issues, pointing to inefficiencies or gaps in ownership.

  Tenable One dashboard widget

When tracked collectively, these metrics empower security teams to assess the speed and consistency of remediation; detect bottlenecks and high-risk delays across severity levels and asset owners; and focus remediation efforts where they are most impactful. Organizations can monitor and fix trends, investigate spikes in resurfaced findings, and benchmark asset groups based on average remediation time to drive process improvements.

Transform your exposure management with Tenable One

Tenable One provides security teams with unified, customizable risk dashboards and reports. These tools offer the actionable insights needed to track and optimize your exposure management outcomes, empowering your organization to effectively measure, manage and reduce exposure risk.

By effectively tracking these essential KPIs within Tenable One, organizations can:

• Reduce risk and prevent breaches

Make data-driven decisions to focus remediation efforts where they matter most, optimize resource allocation and proactively address critical risks before they escalate.

• Accelerate remediation

Identify remediation bottlenecks and ownership gaps to drive accountability, ensure timely resolution of high-risk issues and track progress to stay on target with SLA commitments.

• Secure budget and buy-in

Communicate program effectiveness and measurable improvements to stakeholders, demonstrating how security initiatives directly support business goals and reduce organizational risk.

Explore how Tenable One can empower your organization to quantify and reduce exposure risk.

Semperis estimates that at least 15,000 enterprise SaaS applications are still vulnerable to a flaw discovered in 2023

A vulnerability classified as problematic has been found in Jmol Plugin up to 6.1 on Moodle. This affects an unknown part of the file jsmol.php. The manipulation of the argument data leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-34032. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Advantech Wireless Sensing and Equipment A2.01 B00. Affected by this issue is some unknown functionality of the component Modbus TCP Packet Handler. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2025-48466. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Advantech Wireless Sensing and Equipment A2.01 B00. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2025-48470. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Advantech Wireless Sensing and Equipment A2.01 B00 and classified as critical. This issue affects some unknown processing of the component Public Update Page. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2025-48469. The attack can only be done within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2025-6534. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.