CVE Archives

Future-ready cybersecurity: Lessons from the MITRE CVE crisis

The domino effect of CVE disruption is something all cybersecurity practitioners must be aware of, a Morphisec executive argues.

5 days ago By Brad LaPorte

A logo sign outside of the headquarters of Ivanti in South Jordan, Utah. (Kristoffer Tripplaar / Alamy Stock Photo)

Questions mount as Ivanti tackles another round of zero-days

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

May 28, 2025 By Matt Kapko

Safe Mode

Semperis CEO Mickey Bresman on the power of tabletop exercises

Semperis CEO Mickey Bresman

May 15, 2025 By CyberScoop Staff

SonicWall headquarters — SonicWall’s headquarters in Milpitas, California. (Getty Images)

SonicWall customers confront resurgence of actively exploited vulnerabilities

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

May 9, 2025 By Matt Kapko

SAP software is used throughout the Fortune 500. The company is dealing with a critical software bug disclosed this week. (Getty Images)

SAP zero-day vulnerability under widespread active exploitation

Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.

Apr 25, 2025 By Matt Kapko

CISA reverses course, extends MITRE CVE contract

While the last-minute extension averts an immediate lapse in support, rival organizations are being stood up to supplant the global vulnerability system.

Apr 16, 2025 By Derek B. Johnson

Is Ivanti the problem or a symptom of a systemic issue with network devices?

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

Apr 14, 2025 By Matt Kapko

The Apple Inc logo is displayed outside a retail store at the Third Street Promenade in Santa Monica, California on March 20, 2023. (Photo by PATRICK T. FALLON/AFP via Getty Images)

Apple issues fixes for vulnerabilities in both old and new OS versions

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.

Apr 1, 2025 By Matt Kapko

Researchers raise alarm about critical Next.js vulnerability

The software defect in the widely used open-source JavaScript framework allows attackers to bypass middleware-based authorization.

Mar 24, 2025 By Matt Kapko

Despite challenges, the CVE program is a public-private partnership that has shown resilience

In 1999, Dave Mann and Steve Christey, two researchers from the nonprofit R&D corporation MITRE, debuted a concept for security vulnerabilities that laid the groundwork for the…

Mar 24, 2025 By Cynthia Brumfield