Searching for the best vulnerability management tools in the market today? You’ve come to the right place. We’ve done all the research, compiled data from leading review sites, such as G2 and Capterra, and created this comprehensive guide on what to look for when selecting the best software vulnerability management tools for your business. When using this guide, it’s important to remember that vulnerability management, as a category, is essentially comprised of two functions.

It’s like a faded Polaroid from a bygone era: The day when a computer with centralized software was safely locked away in an office. That’s because it is a bygone era for most organizations – wistfully recalled but wildly out of touch with the present.

You drink tap water every day, right? Do you know who invented the filtering mechanism that makes water pure and clean?… Well, do you actually care? Do you know that this mechanism is exactly the same in all the taps of all the houses of any country? Do you know that this specialized piece is the work of an engineer who does it just because? Can you imagine what could happen if this person had a bad day?

The xz backdoor is a vulnerability in XZ Utils, a popular data compression library. The xz backdoor can let unauthorized users gain admin-level access to systems, endangering data security and much more. Read on to learn more about the xz backdoor, who’s affected, and what you can do now to find out if your systems are at risk.

In a recent development that has sent ripples across the IT landscape, Microsoft has identified a critical issue plaguing Windows Server Domain Controllers (DCs). This issue, originating from a memory leak within the Local Security Authority Subsystem Service (LSASS), has emerged as a significant concern for organizations relying on both on-premises and cloud-based Active Directory domain controllers to process Kerberos authentication requests.

Think of your network device firmware as a fortress that can withstand attacks and protect you from potential threats in the digital world. It acts as a guardian, keeping hackers and malicious software at bay so you can be confident that your data is safe. However, any imposing medieval fortress standing tall and proud with seemingly impenetrable walls, no matter how strong it seems, can't keep up with a relentless barrage from the latest weaponry.

In November 2023 we discovered an issue in the Go standard library’s net/http.Client that allowed an attacker who controls redirect targets on a server to exfiltrate authentication secrets. Soon after, we discovered a similar issue in net/http/cookiejar.Jar. The issues, collectively designated CVE-2023-45289, have now been fixed in Go 1.22.1 and Go 1.21.8, released on March 5, 2024. This blog post dives into the technical details behind those two bugs and the patch that addresses them.

As organizations and individuals rely more and more on technology for many aspects of their lives, the security of digital assets is of increasing concern. From personal data to critical infrastructure, the digital landscape is rife with potential vulnerabilities that can be exploited by malicious actors. Cybersecurity has become a mainstream imperative as breaches and cyber threats continue to escalate.