The number of Citrix customers impacted by CVE-2025-5777 remains unknown, but researchers have already observed more than 11.5 million attack attempts, targeting thousands of sites.

The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data.

The domino effect of CVE disruption is something all cybersecurity practitioners must be aware of, a Morphisec executive argues.

The besieged security vendor maintains the latest exploited vulnerabilities in its products are entirely linked to unspecified security issues in open-source libraries. Some researchers aren’t buying it.

Semperis CEO Mickey Bresman

The network security device vendor is making a regular appearance on CISA’s known exploited vulnerabilities catalog. Unlike its competitors, SonicWall hasn’t signed the secure-by-design pledge.

Researchers attribute the attacks to an initial access broker who is exploiting the 10.0 critical vulnerability.

While the last-minute extension averts an immediate lapse in support, rival organizations are being stood up to supplant the global vulnerability system. 

Exploited vulnerabilities have turned up in Ivanti products 16 times since 2024. That’s more than any other vendor in the network edge device space.

The company released a host of security patches Monday, including ones that address two zero-day vulnerabilities.