Common Vulnerabilities and Exposures (CVE) stories - Page 3

CISA extends its contract with MITRE for another 11 months at USD $44 million, securing the critical CVE vulnerability programme amid funding concerns.

Concerns rise as MITRE's contract to manage the CVE vulnerability database nears expiry, risking disruption to global cybersecurity infrastructure.

US government funding for MITRE's CVE programme has expired, risking disruption to global cybersecurity efforts and vulnerability tracking systems.

Microsoft's recent Patch Tuesday sparked scrutiny with a 40-minute delay in updates and notable vulnerabilities, including a critical zero-day in the CLFS Driver.

Zscaler's 2025 ThreatLabz VPN Risk Report reveals soaring VPN usage in Australia but warns of heightened security risks, urging a shift to Zero Trust architectures.

N-able has launched a new Vulnerability Management feature for its UEM products, enhancing risk mitigation for organisations amid rising cyber threats.

runZero has unveiled an expanded platform to enhance exposure management, promising to aid organisations in effectively managing risk across their attack surfaces.

Kaspersky has uncovered and patched a critical zero-day vulnerability in Google Chrome, enabling attackers to bypass sandbox protections via malicious links.

A malicious commit in the tj-actions/changed-files GitHub Action, used in over 23,000 repositories, threatens software security across numerous CI pipelines.

As cyber attacks surge, the World Economic Forum warns of a widening skills gap, urging organisations to foster a culture of cyber hygiene for better security.

JFrog has partnered with Hugging Face to enhance security for machine learning models, boosting safety measures on the Hugging Face Hub against potential threats.

Microsoft has patched 56 vulnerabilities in its latest update, including seven zero-day flaws, six of which have been actively exploited.

A recent Bitdefender report reveals February 2025 as the worst month for ransomware, with victims rising 126% to 962, including a notable impact on Australia.

Mandiant has uncovered a sophisticated cyber espionage campaign by the China-linked group UNC3886, targeting outdated Juniper Networks routers with advanced malware.

Australia has climbed to fourth place globally for cyberattacks on critical infrastructure, as a report reveals a surge in diverse threats targeting various sectors.

The Forum of Incident Response and Security Teams predicts a staggering 45,505 reported vulnerabilities for 2025, marking an 11% rise from 2024.

The FBI and CISA have alerted organisations to increased cyber threats from China's Ghost ransomware group, affecting over 70 countries through outdated software.

Microsoft has patched 56 vulnerabilities in its February 2025 update, including two now exploited, marking a fifth month of no critical zero-days released.

Rapid7 has revealed a critical SQL injection vulnerability in PostgreSQL's psql tool, potentially exposing users to severe security risks.

GitHub has partnered with Endor Labs, integrating advanced security software to help developers swiftly identify and manage critical vulnerabilities within the platform.