A misconfigured API endpoint in ServiceNow allowed unauthenticated access to customer tables — remediation was delayed by more than six weeks after the bug bounty report.
Ubiquiti UniFi OS contains multiple critical security vulnerabilities that can lead to unauthenticated code execution, information disclosure, and privilege escalation.
A 19-year-old validation flaw in the CIFS kernel subsystem allows local attackers to gain root privileges through forged authentication requests and NSS library manipulation.
VerdantBamboo strategically exploits Linux appliances in under-protected network positions as an access bridge to compromise high-value targets and bypass network security mechanisms.
Anthropic calls for an aviation-like regulatory authority or commissioned private auditors to examine AI models for critical risks before their release.
Stormshield launches the SNi50, an OT firewall with network segmentation, protocol inspection, and VPN remote maintenance designed to ensure high availability and NIS2 compliance for critical infrastructure.
NIS2 requires companies to establish structured governance, implement technical security measures, and maintain demonstrable incident-response processes, for which CISOs must assume full responsibility at board level.
NIS2 requires organisations to ensure that security awareness works in real work situations and does not remain merely theoretical knowledge: the focus is on behavioural change rather than compliance documentation.
npm blocks automatic package installation scripts by default starting with version 12, a practice that competitors like Yarn, pnpm, and Bun had already established.