The Cybersecurity and Infrastructure Security Agency (CISA) published its guide on Stakeholder-Specific Vulnerability Categorization (SSVC), which is critical to advancing the vulnerability management ecosystem.

A security vulnerability in Oracle Cloud Infrastructure (OCI) could have allowed unauthorized access to cloud storage volumes of all users, according to Wiz cybersecurity researchers.

Apple has disclosed security vulnerabilities affecting iPhones, Macs and iPads and released cybersecurity software updates for affected devices.

The Synopsys Cybersecurity Research Center (CyRC) team has identified a local privilege escalation vulnerability in Kaspersky VPN Secure Connection for Microsoft Windows.

As the number of cyberattacks rise, organizations must reconsider their approach to cybersecurity to be more proactive rather than reactive, which is why the adoption of proactive auditing, among a wider offensive cybersecurity approach, is so essential.

Google has released Chrome 103.0.5060.114 for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild. The security vulnerability affected millions of Google Chrome users.

Compliance is vital. But when it justifies the status quo, a compliance-only approach to cybersecurity can be counterproductive. However, the adoption of a risk management approach can be the most useful to enterprise cybersecurity teams.

An unpatched security flaw in Travis CI could expose thousands of users to supply chain attacks, according to Aqua Security.

A new Microsoft Office zero-day security vulnerability allows adversaries to execute PowerShell commands via Microsoft Diagnostic Tool (MSDT) by opening a Word document. 

Security leaders are still dealing with the impact of Log4Shell. New Valtix research found cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell.