“Trying to chase one bug at a time” isn’t a cybersecurity strategy, as anyone who has tried to keep up with patch cycles can tell you. Recently, Joe Saunders and Doug Britton joined Paul Ducklin on Exploited: The Cyber Truth for a conversation on what Claude Mythos...
AI is changing the speed and scale of vulnerability discovery. With Anthropic’s Claude Mythos showing how quickly AI can uncover vulnerabilities and zero days, product security teams are facing a new reality: the time between finding a vulnerability and turning it...
Key Takeaways: Vulnerability scanners flag CVEs at the package level, often including vulnerabilities in code that was never compiled into your build. RunSafe’s reachability analysis automatically triages these out by cross-referencing CVEs against which source files...
URGENT/11 vulnerabilities allow attackers to take control of embedded devices remotely without any user interaction and often without triggering traditional security defenses. Discovered in 2019, these eleven flaws in the IPnet TCP/IP stack affect millions of devices...
Across industries, the year’s most damaging vulnerabilities shared the same defining trait: unauthenticated remote code execution (pre-auth RCE) on internet-facing systems. VPNs, firewalls, web frameworks, and even core ERP platforms all fell victim to flaws that...
Operational technology (OT) sits at the heart of modern society. From power generation and water treatment to manufacturing plants and data centers, OT systems keep the physical world running. But securing these environments is fundamentally different from securing...