The new system emerges after repeated funding crises exposed the fragility of the 25-year-old CVE program that cybersecurity defenders worldwide depend on.

Talha Tariq quickly found his company at the center of a fast-moving, high-stakes mitigation effort. The result: a bounty program, a cat-and-mouse patch fight, and a debate…

Roughly 100,000 servers running the automated workflow platform for AI and other enterprise tools are potentially exposed to exploitation.

Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro.

A debate over actual exploitation is muddying response efforts. Multiple researchers say they’ve observed working proof of concepts while others assert evidence of attacks is lacking.

The open-source code library is one of the most extensively used application frameworks. Wiz found vulnerable versions in around 39% of cloud environments.

The company’s latest security update contains the second-highest number of defects patched so far this year.

The high-severity defect affects a widely used — but largely hidden — archive tool that spans many forks.

Researchers aren’t aware of any active exploitation of the software, but the issue is being dealt with simultaneously as attackers are trying to brute force the company’s…

The Homeland Security and Governmental Affairs Committee on Wednesday also advanced legislation to strengthen the federal IT supply chain.