Common Vulnerabilities and Exposures (CVE) stories

Armis launches free Vulnerability Intelligence Database to help security teams anticipate and tackle cyber threats with real-time, AI-driven insights.

US government funding for the crucial CVE cybersecurity programme is set to lapse, raising fears over global vulnerability tracking and defence efforts.

CISA extends its contract with MITRE for another 11 months at USD $44 million, securing the critical CVE vulnerability programme amid funding concerns.

Concerns rise as MITRE's contract to manage the CVE vulnerability database nears expiry, risking disruption to global cybersecurity infrastructure.

US government funding for MITRE's CVE programme has expired, risking disruption to global cybersecurity efforts and vulnerability tracking systems.

Healthcare providers in Australia and New Zealand face growing cyber threats, with legacy medical devices proving vulnerable due to outdated security measures.

Microsoft's recent Patch Tuesday sparked scrutiny with a 40-minute delay in updates and notable vulnerabilities, including a critical zero-day in the CLFS Driver.

Zscaler's 2025 ThreatLabz VPN Risk Report reveals soaring VPN usage in Australia but warns of heightened security risks, urging a shift to Zero Trust architectures.

N-able has launched a new Vulnerability Management feature for its UEM products, enhancing risk mitigation for organisations amid rising cyber threats.

Microsoft has unveiled 121 vulnerabilities in its April 2025 Patch Tuesday update, marking a significant increase from last month's total.

runZero has unveiled an expanded platform to enhance exposure management, promising to aid organisations in effectively managing risk across their attack surfaces.

Kaspersky has uncovered and patched a critical zero-day vulnerability in Google Chrome, enabling attackers to bypass sandbox protections via malicious links.

A malicious commit in the tj-actions/changed-files GitHub Action, used in over 23,000 repositories, threatens software security across numerous CI pipelines.

As cyber attacks surge, the World Economic Forum warns of a widening skills gap, urging organisations to foster a culture of cyber hygiene for better security.

JFrog has partnered with Hugging Face to enhance security for machine learning models, boosting safety measures on the Hugging Face Hub against potential threats.

Microsoft has patched 56 vulnerabilities in its latest update, including seven zero-day flaws, six of which have been actively exploited.

A recent Bitdefender report reveals February 2025 as the worst month for ransomware, with victims rising 126% to 962, including a notable impact on Australia.

Mandiant has uncovered a sophisticated cyber espionage campaign by the China-linked group UNC3886, targeting outdated Juniper Networks routers with advanced malware.

Microsoft has revealed it will fix 57 vulnerabilities in its March 2025 Patch Tuesday update, including six previously exploited in the wild.

Australian organisations face escalating cyber threats as ransomware groups adopt advanced tactics previously seen only in state-sponsored attacks.