Common Vulnerabilities and Exposures (CVE) stories

FIRST conference in Scottsdale draws 500-plus as security leaders and AI firms debate vulnerability disclosure, CWE's role and CVE's future.

Splashtop bets on AI-assisted patching and security alerts in a single console as it targets lean IT teams and MSPs with a new endpoint platform.

Forrester warns Anthropic's Project Glasswing could overwhelm vulnerability management, as AI uncovers flaws faster than patching teams can respond.

Intruder expands cloud security platform with registry-level container image scanning for AWS, Google Cloud and Azure users.

Qualys says attackers are exploiting flaws before disclosure as remediation backlogs swell, with edge devices facing the highest risk.

Percona teams up with Chainguard to offer supported, hardened container images for MySQL, PostgreSQL and MongoDB databases.

Rapid7 warns exploited high and critical software flaws more than doubled in 2025, as attackers compress disclosure-to-attack windows.

FIRST to host three cybersecurity conferences in 2026 as it predicts annual CVE disclosures will surpass 50,000 for the first time.

GitHub joins tech giants in a USD $12.5 million Alpha-Omega push, boosting AI-powered defences for critical open source software.

Microsoft's March Patch Tuesday fixes 77 flaws, including a severe SQL Server bug that could grant attackers sysadmin rights remotely.

ControlPlane launches enterprise support for OpenBao as IBM's USD $6.4 billion HashiCorp deal drives demand for open source Vault alternatives.

Wireless flaws have surged 230-fold since 2010, as Bastille warns AI data centres and critical infrastructure face escalating unseen risks.

Acronis warns AI is turbocharging phishing, email attacks and ransomware in 2025, with MSPs and collaboration tools under rising fire.

Simbian launches an AI Pentest Agent that runs continuous, adaptive penetration tests, promising faster, context-aware vulnerability detection.

Data-only extortion soars 11-fold as attackers 'log in instead of break in', abusing remote access tools for faster, stealthier raids.

Cyber group FIRST warns CVE disclosures could smash records in 2026, topping 50,000 and potentially surging towards six figures.

Black Kite launches Product Analysis tool to expose hidden risks in third-party software, from SaaS subdomains to SBOM dependencies.

Codific sees 2026 cybersecurity shaped by shadow AI, passwordless logins, tighter regulation and a sharper focus on software supply chains.

Minimus unveils Image Creator, enabling enterprises to build secure, custom container images with enhanced compliance and reduced vulnerabilities.

ReliaQuest reveals identity compromises and process flaws, not zero-day exploits, drive most cloud breaches, with 99% of cloud identities still over-privileged.