Patch/Configuration Management

Ongoing intrusions leveraging a critical Qualitia flaw in Active! mail 6 and a pair of high-severity bugs in the Commvault webserver and Broadcom Brocade Fabric OS have been reported by the Cybersecurity and Infrastructure Security Agency, which urged the remediation of the issues by May 17 following their inclusion in its Known Exploited Vulnerabilities catalog, according to SecurityWeek.

More secure software development practices have prompted a decline in actively exploited zero-day vulnerabilities between 2023 and 2024, Cybersecurity Dive reports.

Active exploitation of flaw with 10.0 CVSS has been confirmed.

Cybernews reports that BreachForums had its planned revival last week purportedly hindered by a zero-day intrusion against the outdated MyBB forum software used by the BreachForums[.]st site then owned by "Anastasia."

At RSAC 2025, experts say Secure by Design is delivering real wins — yet unchecked development speed and supply chain risks still threaten progress.

An indisputable security use case for ChatGPT: scouring open-source changelogs for undisclosed vulnerability patches.

Attackers observed exploiting vulnerability in SAP's NetWeaver Visual Composer product.

Threat actors have exploited 159 CVEs during the first three months of 2025, compared with 151 during the last quarter of 2024, with almost a third of vulnerabilities leveraged in attacks within a day of their disclosure, according to The Hacker News.