Vulnerability | Breaking Cybersecurity News | The Hacker News

Security teams today live in two different realities. On one side, platforms like ServiceNow create order: every vulnerability has a ticket, every incident has a workflow, and everything ties back to the CMDB. On the other side, attackers create chaos. They don't follow workflows. They look for the easiest way in, chaining together whatever exposures they can find until they reach something valuable. A vulnerability marked as "medium" in a ticketing system can still be the critical link in an attack path that leads straight to a company's crown jewels. In the ticketing system, the issue appears in isolation, yet attackers see how it connects to everything else. Without visibility into how exposures link together, teams risk wasting effort while the actual attack paths stay open. This is where ServiceNow's integration with XM Cyber comes in. By layering attack graph analysis onto VR and SIR , the platform lets teams see each issue through an attacker's eyes. Tickets and incidents ar...

Device and software vulnerabilities pose an increasing risk to modern security. However, patch management is an infamously difficult (and downright Sisyphean) task for IT and security teams, who are faced with an ever-growing list of CVEs to remediate. This task was difficult enough in the days of on-premise environments, but a modern distributed workforce has to contend with all the users, devices, and applications that may exist outside the purview of traditional security solutions, like MDM. Overall, with the ever-growing number of CVEs and the ever-growing sprawl of shadow IT, patch management has become both more urgent and more daunting than ever. IT and security teams need to adopt zero trust methods to ensure that only healthy and patched devices are able to access their critical systems. With the help of SaaS management and employee-remediation tactics, teams can do even more to improve efficacy and support for their company-wide patch management programs.  French philo...

Automated tools give you visibility. Adversarial testing gives you clarity. In Salesforce environments, you need both. The Problem with Checkbox Security in a Platform-Centric World Salesforce has become more than just a CRM—it's the backbone of how many organizations operate. It holds customer data, governs workflows, drives revenue, and connects to dozens of internal and third-party systems. But that complexity is exactly what makes it hard to secure. And too often, security teams rely solely on generic scans or scheduled audits that were never designed to handle the nuance of Salesforce's layered permissions, custom logic, and evolving integrations. The result? A lot of surface-level findings—and a lot of assumptions about what those findings actually mean. Automation Is Essential—But It's Only One Layer There's no question that modern scanning tools play a vital role in Salesforce security. The right platforms can surface deeply nested permissions, cross-object access paths,...

Reachability has quickly become one of the latest buzzwords in cybersecurity, but every vendor means something slightly different by the term. In part one of this series, I argued that reachability is really about only showing exploitable vulnerabilities. In part two , I compared runtime and static reachability to determine that if the goal of reachability analysis is to only fix exploitable vulnerabilities, only runtime reachability will get us there. The final question to address is, "Which type of runtime reachability is the right kind?" In 2025, almost every vendor uses the term reachability, alongside a nifty funnel showing your vulnerability count going down, but vendors almost always mean different things by the term. In this article, we'll explore the complexity of reachability types, and how while there's no silver bullet, function level reachability for vulnerabilities is the best overall answer to the problem. Flavors of Runtime Reachability All excalidraws are availab...

Businesses are firmly in attackers' crosshairs. Financially motivated cybercriminals conduct ransomware attacks with record-breaking ransoms being paid by companies seeking to avoid business interruption. Others, including nation-state hackers, infiltrate companies to steal intellectual property and trade secrets to gain commercial advantage over competitors. Further, we regularly see critical infrastructure being targeted by nation-state cyberattacks designed to act as sleeper cells that can be activated in times of heightened tension. Companies are on the back foot. Leaders must be confident in their cyber posture: Are defenses up to the job of keeping attacks at bay? Does the leadership team have a complete understanding of the threats and risks the company faces? How can CEOs seize the initiative to get ahead of threats? Adoption of zero trust architectures to improve cyber defense Businesses that don't embrace true zero trust will find themselves increasingly vulnerable to br...

It's been reported that a new, generative AI worm dubbed "Morris II" has emerged. And for many, this new, generative AI worm is an understandable reason to panic.  Pushing back against hysteria, however, we discover that Morris II only targets AI apps and AI-enabled email assistants. No attack is a good one, but at least this one's very specific. More importantly, the recognition that just as AI is helping to accelerate and automate attacks, it will also drastically improve security efficacy.  While AI threatens to overwhelm reactive security teams with the pace and sophistication of its onslaught, it can likewise enable proactive prevention through predictive processes and controls. This is critical to giving security teams the chance to withstand the barrage that awaits them. Scaling alongside AI-enabled attacks There are two proactive efforts that scale well when accelerated attacks become the norm. Neither of these efforts need to be AI-powered to be effective against...

Despite the widespread adoption of DDoS protection solutions, disruptive DDoS attacks continue to make headlines. Why? Even "basic" attacks are bypassing established defenses, as evidenced by the recent DDoS attack on X.  Our analysis, based on over 100,000 hours of annual attack simulations, reveals that all deployed DDoS protections are highly vulnerable — gaps that often go unnoticed until an attack successfully disrupts services. With no effective way to address these weaknesses preemptively, organizations remain exposed. This article examines why DDoS attacks persist and continue to inflict significant damage. How Even Simple Attacks Bring Down the Best DDoS Protections In 2024, Cloudflare reported more than 25 million DDoS attacks - representing a 53% YoY increase. This growing number of DDoS attacks and their escalating cost from damage begs the question: What are we missing? And how can the risk of these attacks (and the damage they cause) be reduced?  Unlike oth...

For many organizations, managing IT assets is like trying to complete a jigsaw puzzle without all the pieces. Despite massive investments in security tools and controls, many companies still have critical gaps in their ecosystems that leave them vulnerable to breaches. Often, these gaps stem not from a lack of tools—if such a thing exists in security—but from incomplete visibility and integration across those tools. By aggregating and analyzing data from multiple systems, security leaders can gain a more robust picture of their IT inventory and subsequently, their security posture. The challenge with disparate security tools It's not unusual for enterprises to deploy a wide array of security tools. The average organization uses roughly 10 security tools, covering everything from endpoint management to identity and access control. These tools, however, often operate in silos, creating fragmented and occasionally contradictory reports. Let's look at a practical example. Conside...

As I usually say: 'attackers are lazy'. In other words, they always follow the path of least resistance. As defenders catch up with their tactics, techniques, and procedures, the asymmetric gap between offensive and defensive capability shrinks, pushing attackers to shift their battlefield strategy, perpetuating a game that repeats over and over again. Take, for example, endpoint protection. For the last few years, endpoint protection, detection, and response have been the centerpiece of security strategies. As modern endpoint security products get better at anticipating threats based on AI-based engines, providing richer visibility and more contextual detection capabilities, attackers are pivoting away from them, looking for 'blind spots' in your architecture, leveraging vulnerabilities and misconfigurations in network devices, supply chains, and even firmware embedded deep within devices, areas where security visibility is limited. This trend is particularly significant due to the ...