Beyond CVEs: Mastering the Landscape with Vulnerability-Lookup is finally online.
The talk was given at @firstdotorg conference.
#opensource #vulnerability #vulnerabilitymanagement #cybersecurity
Video https://youtu.be/PS6NuisVxBU?si=KbPbnHWgKM0wxmMR
Online instance https://vulnerability.circl.lu/
Open source project https://www.vulnerability-lookup.org/
NOW PUBLISHING: On-Location Coverage from #BlackHatUSA 2025!
We're back in the office and excited to start sharing all the conversations we captured on location in Las Vegas with our amazing sponsors and editorial coverage!
Follow ITSPmagazine, Sean Martin, CISSP, and Marco Ciappelli to get this content fresh as it drops!
We're honored to share this eye-opening Brand Story conversation thanks to our friends at runZero 
The Often-Overlooked Truth in #Cybersecurity: Seeing the Unseen in Vulnerability Management
Most successful breaches don't happen because defenders ignored known vulnerabilities. They happen because attackers exploited assets that organizations never knew existed.
HD Moore, founder and CEO of runZero and creator of #Metasploit, reveals the uncomfortable truth: organizations routinely miss half their actual attack surface. Through decades of penetration testing high-security environments, Moore discovered that traditional discovery methods only find properly managed systems while #shadowIT, legacy hardware, and misconfigured devices remain invisible.
Key insights from our conversation:
• When using attacker-grade discovery techniques, asset counts typically DOUBLE what organizations thought they had
• The industry's CVE obsession creates false security while real attacks exploit misconfigurations and zero-days
• Unknown assets—from IoT devices to forgotten servers—bypass even sophisticated security controls
• Traditional agent-based tools can't see what attackers see
#RunZero inverts the traditional model by starting with unauthenticated discovery that mirrors how attackers actually probe networks. This reveals the true attack surface and transforms vulnerability management from reactive patching to strategic risk reduction.
Watch the video: https://youtu.be/hkKJsKUugIU
Listen to the podcast: https://brand-stories-podcast.simplecast.com/episodes/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story-bM0PrkAw 
Read the blog: https://www.itspmagazine.com/their-stories/the-often-overlooked-truth-in-cybersecurity-seeing-the-unseen-in-vulnerability-management-a-brand-story-with-hd-moore-founder-and-ceo-of-runzero-a-black-hat-usa-2025-conference-on-location-brand-story
➤ Learn more about RunZero: https://itspm.ag/runzero-5733
✦ Catch more stories from RunZero: https://www.itspmagazine.com/directory/runzero
Follow all of our #BHUSA 2025 coverage: https://www.itspmagazine.com/bhusa25
NETGEAR is now a CVE Numbering Authority (CNA) assigning CVE IDs vulnerabilities in all products from NETGEAR, its subsidiaries, and third-party components used in NETGEAR products that are not in another CNA’s scope
https://cve.org/Media/News/item/news/2025/08/12/NETGEAR-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity #informationsecurity
674 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of July 28, 2025
https://www.cisa.gov/news-events/bulletins/sb25-216
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
Improve the effectiveness of your vulnerability remediation with EPSS on the Budibase platform https://hackernoon.com/no-code-epss-powered-vulnerability-management-in-budibase #vulnerabilitymanagement
7-Zip before 25.01 does not always properly handle symbolic links during extraction.
https://vulnerability.circl.lu/vuln/CVE-2025-55188
CVE-2025-55188 - GCVE-0-2025-55188
Patch https://github.com/ip7z/7zip/commit/5e96a8279489832924056b1fa82f29d5837c9469 (and yes the patch references two older CVEs from the previous patching)
ICS[AP] updated CISA ICS Advisories Master File for 8/7/25 & the following:
CISA_ICS_ADV_2025_08_07.csv
Available @ ICS[AP] GitHub: https://github.com/icsadvprj/ICS-Advisory-Project/tree/main
#opensource
#vulnerabilitymanagement
#icssecurity
A customized strategy for prioritizing vulnerabilities on the Budibase platform. https://hackernoon.com/prioritize-vulnerabilities-using-budibase-no-costly-tools-needed #vulnerabilitymanagement
Energy companies are blind to thousands of exposed services https://www.helpnetsecurity.com/2025/08/07/us-energy-sector-cybersecurity-vulnerabilities/ #vulnerabilitymanagement #criticalinfrastructure #cybersecurity #energysector #Don'tmiss #report #SixMap #News
We Speak CVE Podcast episode 28 now available!
“Mapping the Root Causes of CVEs”
https://youtu.be/3nNmrv4j1YE
#CVE #CWE #Vulnerability #Cybersecurity #VulnerabilityManagement
Minutes from the CVE Board teleconference meeting on July 23 are now available
https://mail-archive.com/cve-editorial-board-list@mitre.org/msg00286.html
#cve #vulnerability #vulnerabilitymanagement #hssedi #cisa #infosec #cybersecurity
CISOs say they’re prepared, their data says otherwise https://www.helpnetsecurity.com/2025/08/06/ciso-vulnerability-management-data-trust/ #vulnerabilitymanagement #Artificialintelligence #cybersecurity #datasecurity #automation #Don'tmiss #Axonius #report #News
ICS[AP] Dashboards are updated with the 2 new CISA Advisories released on 8/5/25:
Mitsubishi Electric Iconics: 1 New
Tigo Energy: 1 New
www.icsadvisoryproject.com
Legion of the Bouncy Castle is now a CVE Numbering Authority (CNA) assigning CVE IDs for Legion of the Bouncy Castle issues only
https://www.cve.org/Media/News/item/news/2025/08/04/Legion-of-Bouncy-Castle-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity #opensource
832 CVE Records + severity scores when available in CISA’s Vulnerability Summary bulletin for the week of July 21, 2025
https://www.cisa.gov/news-events/bulletins/sb25-209
#CVE #CVEID #CVSS #CWE #Vulnerability #VulnerabilityManagement #HSSEDI #CISA
Yesterday, we published new research revealing an early warning system for CVE disclosure.
Full report: https://www.greynoise.io/resources/early-warning-signals-attacker-behavior-precedes-new-vulnerabilities
In the scope of GCVE and @circl we couldn't find a practical, publicly available, and accessible document that outlines best practices for vulnerability handling and disclosure.
So we created a new one, released under an open-source license, to which everyone can freely contribute.
PDF: https://gcve.eu/files/bcp/gcve-bcp-02.pdf
HTML: https://gcve.eu/bcp/gcve-bcp-02/
Contributing: https://github.com/gcve-eu/gcve.eu/blob/main/content/bcp/gcve-bcp-02.md
Tonic Security Launches With $7 Million in Seed Funding https://www.securityweek.com/tonic-security-launches-with-7-million-in-seed-funding/ #vulnerabilitymanagement #CybersecurityFunding #emergefromstealth #TonicSecurity #seedfunding #funding
Tonic Security Launches With $7 Million in Seed Funding https://www.securityweek.com/tonic-security-launches-with-7-million-in-seed-funding/ #vulnerabilitymanagement #CybersecurityFunding #emergefromstealth #TonicSecurity #seedfunding #funding
Arteche is now a CVE Numbering Authority (CNA) assigning CVE IDs for Arteche issues only
https://cve.org/Media/News/item/news/2025/07/29/Arteche-Added-as-CNA
#cve #cna #vulnerability #vulnerabilitymanagement #cybersecurity
