Common Vulnerability Scoring System
All your vulns are belong to us! CISA wants to maintain gov control of CVE program
Get ready for a fight over who steers the global standard for vulnerability identification
Cybersecurity Month12 Sep 2025 |9
Stalkerware firm gets scooped by SQL-slinging security snoop
Infosec In Brief Also, Swiss ransomware posture looks like its cheese, the CVE Program wants YOU, more sus checks and more
Security06 Jul 2025 |1
IBM Cloud login breaks for second time this week and Big Blue isn't saying why
To make matters worse, IBM's security software has a critical vuln caused by an exposed password
Off-Prem05 Jun 2025 |8
America's cyber defenses are being dismantled from the inside
Opinion The CVE system nearly dying shows that someone has lost the plot
CSO23 Apr 2025 |93
Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
Ultra-Reliable Wireless Backhaul doesn't live up to its name
Patches07 Nov 2024 |16
NIST turns to IT consultants to clear National Vulnerability Database backlog
Aims to get CVE logjam cleared by the end of FY 24
CSO03 Jun 2024 |5
BROADER TOPICS
GitHub Enterprise Server patches 10-outta-10 critical hole
On the bright side, someone made up to $30,000+ for finding it
Patches22 May 2024 |3
Okta October breach affected 134 orgs, biz admits
Infosec in brief Plus: CVSS 4.0 is here, this week's critical vulns, and 'incident' hit loan broker promises no late fees. Generous
Security06 Nov 2023 |6
Stop what you’re doing and patch this critical Confluence flaw, warns Atlassian
Risk of ‘significant data loss’ for on-prem customers
Patches31 Oct 2023 |2
Boris Johnson pleads ignorance, which just might work
Infosec in brief Also: More high-profile MOVEit victims; CVSS 4.0 coming soon; and a long list of critical vulnerabilities
Security17 Jul 2023 |77
New York county still dealing with ransomware eight months after attack
security in brief Also: iSpoof no more, Edmodo fined more than it can pay, UK is #1 (in CC theft), and the week's critical vulns
Security29 May 2023 |8
Google settles location tracking lawsuit for only $39.9M
in brief Also, more OEM Android malware, Google's bug reports (mostly) ditch CVEs, and this week's critical vulns
Security22 May 2023 |7
Cisco squashes critical bugs in small biz switches
You'll want to patch these as proof-of-concept exploit code is out there already
Patches18 May 2023 |
WordPress plugin hole puts '2 million websites' at risk
XSS marks the spot
Patches08 May 2023 |17
Google adds account sync for Authenticator, without E2EE
in brief Also: Your Salesforce Community site might be leaking; a new CPU side-channel; and this week's critical vunls
Security01 May 2023 |7
That 3CX supply chain attack keeps getting worse: Other vendors hit
In Brief Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns
CSO24 Apr 2023 |9
Update now: Google emits emergency fix for zero-day Chrome vulnerability
In brief Also: Tech players spin up white hat protection, this week's critical bugs, and more
Security17 Apr 2023 |2
40% of IT security pros say they've been told not to report a data leak
In Brief Plus: KFC, Pizza Hut owner spills more beans on ransomware hit... latest critical flaws... and more
Cyber-crime11 Apr 2023 |16
School principal resigns after writing $100,000 check to Elon Musk impersonator
In Brief ALSO: DJI forgets the 'B' in 'BCC,' and this week's critical known exploits
Security03 Apr 2023 |88
Where are the women in cyber security? On the dark side, study suggests
In Brief Also, Royal ransomware metastasizes to other critical sectors, and this week's critical vulnerabilities
Security06 Mar 2023 |43
GoDaddy joins the dots and realizes it's been under attack for three years
In brief Also: Russia may legalize hacking; Oakland declares ransomware emergency; the CVEs you should know about this week
Security20 Feb 2023 |15
LockBit's Royal Mail ransom deadline flies by. No data released
in brief Also: Russian wiper malware authors turn to data theft, plus this week's critical vulns
Cyber-crime13 Feb 2023 |9
That critical vulnerability might not be the first you should patch
Startup Rezilion suggests enterprises should change prioritization strategies
Security30 May 2022 |5
Western Digital tells EdgeRover users to patch app again
Critical vulnerability may have allowed an attacker to escalate local privileges
Security21 Mar 2022 |3
US govt: Here are another 15 security bugs under attack right now
Best plug HiveNightmare if you haven't already, unless you like new admins
Security11 Feb 2022 |10
Need to prioritize security bug patches? Don't forget to scan Twitter as well as use CVSS scores
Exploit, vulnerability discussion online can offer useful signals
Security19 Jan 2022 |2
Biting the hand that feeds IT
