DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
SAP Netweaver Visual Composer users are urged to patch a critical vulnerability that attackers are actively exploiting. According to ReliaQuest, which detected the vulnerability, the attacks allow full system compromise...more
WhatsApp users should update the application for vulnerability CVE-2025-30401, which Meta recently patched when WhatsApp was released for Windows version 2.2450.6....more
On March 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released a Malware Analysis Report (MAR) on RESURGE malware, which is associated with the product Ivanti Connect Secure....more
According to Cyberscoop, the cyber gang Cl0p “has claimed responsibility for attacks tied to vulnerabilities in software made by Cleo, an Illinois-based IT company that sells various types of enterprise software.” The gang...more
In the aftermath of what could be one of the most widespread global information technology outages in history, organizations are putting a renewed focus on combating old vulnerabilities that can have cascading effects. ...more
The consequences of a cyberattack can be catastrophic, as we saw in the previous blog of this series. Cybersecurity is a business-wide responsibility that demands a proactive strategy extending far beyond technical solutions...more
In one of the most clear-eyed and sobering assessments of the cyberthreat China poses to our nation’s critical infrastructure, the country’s foremost cybersecurity leaders recently testified that the Chinese Communist Party...more
In the recent case Construction Industry Laborers Pension Fund on behalf of SolarWinds Corporation, et. al v. Mike Bingle, et al. (2022), the Delaware Chancery Court considered whether the directors of SolarWinds Corporation,...more
The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President...more
On December 9th, 2021, a critical zero-day vulnerability, which has the potential of providing threat actors access to millions of computers worldwide, was discovered. Due to the critical nature of this vulnerability, and the...more
It was a crazy weekend for cyberattacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and foreseeable that hackers are leveraging attacks that have maximum disruption on...more
A widely reported flaw in popular software known as Log4j poses a severe cybersecurity threat to organizations around the globe, with hundreds of millions of devices at risk. Over the past week, government agencies,...more
This week, both Apple and Microsoft issued patches to fix serious zero-day vulnerabilities that should be applied as soon as possible. That means that if you have an iPhone or iPad, you may want to plug your phone or iPad in...more
Mandiant, a division of FireEye, has reported that it has discovered a vulnerability in a software protocol that enables hackers to gain access to audio and visual data on smart devices including baby monitors and web...more
Earlier this week, Apple issued another patch—this one is said to address a reported vulnerability that “an application may be able to execute arbitrary code with kernel privileges.” According to Apple, it “is aware of a...more
In a rare sharing of information about vulnerabilities in a blog post, Microsoft this week urged customers to download software patches to Microsoft Exchange Server after it detected “multiple 0—Day exploits being used to...more
Sunday’s release of a long-awaited Labor Department final rule on joint employment spells trouble for workers hoping to “sue large companies for wrongdoing by contractors or franchisees.” The rule reverses Obama-era policies...more
Cisco is warning customers using its Adaptive Security Appliance (ASA) software about a VPN bug that could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code” and...more
From insulin pumps and pacemakers to defibrillators, medical devices increasingly rely on wireless and internet connectivity for efficient operations. Unfortunately, these interconnections also leave devices vulnerable to an...more
We all learned the hard way how important patching vulnerabilities are when a major data breach occurred during 2017 that exposed the personal information of 80 percent of U.S. adults that was reportedly avoidable with a...more